Cyber Resilience

CVE-2026-49135

HighPublic PoC

Published: 01 June 2026

Published
01 June 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v4 7.2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0013 2.9th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-49135 is a high-severity Link Following (CWE-59) vulnerability. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 2.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same…

more

host can read the App Store Connect API key written to a fixed path, pre-create files or symbolic links at predictable locations to redirect writes to attacker-controlled destinations, or tamper with notarization archives before submission.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Insecure predictable temp file paths directly expose credentials (API keys) written to fixed locations, enabling local read access consistent with T1552.001.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24046Shared CWE-59
CVE-2026-33748Shared CWE-59
CVE-2025-41667Shared CWE-59
CVE-2026-43998Shared CWE-59
CVE-2025-1683Shared CWE-59
CVE-2026-24884Shared CWE-59
CVE-2025-27850Shared CWE-59
CVE-2025-71212Shared CWE-59
CVE-2026-25906Shared CWE-59
CVE-2025-21331Shared CWE-59

Affected Assets

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References