VYPR
High severity7.1NVD Advisory· Published Jun 1, 2026· Updated Jun 2, 2026

CVE-2026-49134

CVE-2026-49134

Description

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell payload into it, and executes it with administrator privileges via bash, allowing a same-user local process to rewrite the installer body before the administrator prompt is approved, causing attacker-controlled commands to run as root.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • CodexBar/Codexbarllm-fuzzy2 versions
    <0.32.0+ 1 more
    • (no CPE)range: <0.32.0
    • (no CPE)range: <0.32.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.

CVE-2026-49134 · High · VYPR