CVE Catalog

CVE-2026-49949

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

10th percentile — higher than 10% of all known CVEs

Summary

CodexBar before version 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials. Attackers can redirect credentialed provider requests to unintended hosts or ports, capturing data such as browser cookies, bearer tokens, or API keys.

Risk Assessment

Organizations may be at risk of sensitive credential theft, leading to unauthorized access to systems and data. This poses a serious threat to information security and system integrity.

Recommendation

It is recommended to update CodexBar to version 0.33.0 or later to mitigate this vulnerability. Additionally, implementing security measures such as monitoring network traffic and using secure communication protocols is advisable.

Original NVD description (English source)

CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared ProviderHTTPClient transport. Attackers can redirect credentialed provider requests carrying browser cookies, bearer tokens, or API keys to an unintended host, port, or plaintext HTTP destination to capture those credentials.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS