CVE-2026-49949
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
CodexBar before version 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials. Attackers can redirect credentialed provider requests to unintended hosts or ports, capturing data such as browser cookies, bearer tokens, or API keys.
Risk Assessment
Organizations may be at risk of sensitive credential theft, leading to unauthorized access to systems and data. This poses a serious threat to information security and system integrity.
Recommendation
It is recommended to update CodexBar to version 0.33.0 or later to mitigate this vulnerability. Additionally, implementing security measures such as monitoring network traffic and using secure communication protocols is advisable.
Original NVD description (English source)
CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared ProviderHTTPClient transport. Attackers can redirect credentialed provider requests carrying browser cookies, bearer tokens, or API keys to an unintended host, port, or plaintext HTTP destination to capture those credentials.

