By weakness (CWE)

CWE-377: related vulnerabilities

CVEs classified under CWE-377. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

2 published vulnerabilities

  • CVE-2026-49134HIGH 7.1

    CodexBar versions before 0.32.0 contain a local privilege escalation flaw in the CLI installer. An attacker with access to the same system can intercept and modify the installer's temporary files during the installation process, tricking the system into running malicious commands with root-level privileges. This requires the attacker to be on the same machine and to time their interference with an active installation, but once successful, grants complete system control.

  • CVE-2026-49135HIGH 7.1

    CodexBar versions before 0.32.0 have a serious flaw in how they handle temporary files during the app release and notarization process. An attacker with access to the same machine can steal the App Store Connect API credentials or sabotage the build artifacts before they're submitted to Apple. The vulnerability exists because CodexBar writes sensitive files to predictable, fixed locations that any local user can read or manipulate.