CWE-377
Allowed-with-ReviewInsecure Temporary File
Abstraction: Class · Status: Incomplete
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
169 vulnerabilities reference this CWE, most recent first.
GHSA-F35P-MP22-6W3M
Vulnerability from github – Published: 2025-08-26 06:31 – Updated: 2025-08-26 06:31A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-9474"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-26T05:15:33Z",
"severity": "LOW"
},
"details": "A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used.",
"id": "GHSA-f35p-mp22-6w3m",
"modified": "2025-08-26T06:31:00Z",
"published": "2025-08-26T06:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9474"
},
{
"type": "WEB",
"url": "https://github.com/SwayZGl1tZyyy/n-days/blob/main/mihomo-party/README.md"
},
{
"type": "WEB",
"url": "https://github.com/SwayZGl1tZyyy/n-days/blob/main/mihomo-party/README.md#proof-of-concept-1"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.321343"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.321343"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.634656"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F4JH-WW96-9H9J
Vulnerability from github – Published: 2021-03-30 16:23 – Updated: 2021-03-30 16:22Impact
When File.createTempFile creates a file, the permissions on that file are -rw-r--r--. This means that other users can read the contents of these files after they are written, although they can not modify the contents. This allows for local information disclosure if these files contain sensitive information.
Vulnerable locations: - https://github.com/Netflix/Priam/blob/362660bb7ebddb0cfa756a282d94678f65af9f06/priam/src/main/java/com/netflix/priam/backup/MetaData.java#L106-L111 - https://github.com/Netflix/Priam/blob/362660bb7ebddb0cfa756a282d94678f65af9f06/priam/src/main/java/com/netflix/priam/identity/DoubleRing.java#L109-L118 - https://github.com/Netflix/Priam/blob/362660bb7ebddb0cfa756a282d94678f65af9f06/priam/src/main/java/com/netflix/priam/restore/PostRestoreHook.java#L80-L86
The custom CodeQL queries leveraged to find these this as well as their results can be found here:
https://lgtm.com/query/1543383251073929777/ https://lgtm.com/query/3142895023158674709/
Official Disclosure
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-002.md
Fix
There are no fixed versions.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.netflix.priam:priam"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.1.104"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-28100"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-30T16:22:43Z",
"nvd_published_at": "2021-03-23T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nWhen `File.createTempFile` creates a file, the permissions on that file are -rw-r--r--. This means that other users can read the contents of these files after they are written, although they can not modify the contents. This allows for local information disclosure if these files contain sensitive information.\n\nVulnerable locations:\n - https://github.com/Netflix/Priam/blob/362660bb7ebddb0cfa756a282d94678f65af9f06/priam/src/main/java/com/netflix/priam/backup/MetaData.java#L106-L111\n - https://github.com/Netflix/Priam/blob/362660bb7ebddb0cfa756a282d94678f65af9f06/priam/src/main/java/com/netflix/priam/identity/DoubleRing.java#L109-L118\n - https://github.com/Netflix/Priam/blob/362660bb7ebddb0cfa756a282d94678f65af9f06/priam/src/main/java/com/netflix/priam/restore/PostRestoreHook.java#L80-L86\n\n---\n\nThe custom CodeQL queries leveraged to find these this as well as their results can be found here:\n\nhttps://lgtm.com/query/1543383251073929777/\nhttps://lgtm.com/query/3142895023158674709/\n\n## Official Disclosure\n\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-002.md\n\n## Fix\n\nThere are no fixed versions.",
"id": "GHSA-f4jh-ww96-9h9j",
"modified": "2021-03-30T16:22:43Z",
"published": "2021-03-30T16:23:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-f4jh-ww96-9h9j"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Netflix/Priam: Temporary Directory Information Disclosure"
}
GHSA-F8VX-Q848-4V5X
Vulnerability from github – Published: 2026-03-25 21:30 – Updated: 2026-03-25 21:30A vulnerability was detected in Enter Software Iperius Backup bis 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only possible with local access. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit is now public and may be used. Upgrading to version 8.7.4 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
{
"affected": [],
"aliases": [
"CVE-2026-4822"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T21:16:48Z",
"severity": "HIGH"
},
"details": "A vulnerability was detected in Enter Software Iperius Backup bis 8.7.3. Affected is an unknown function of the file C:\\ProgramData\\IperiusBackup\\Jobs\\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only possible with local access. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit is now public and may be used. Upgrading to version 8.7.4 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.",
"id": "GHSA-f8vx-q848-4v5x",
"modified": "2026-03-25T21:30:36Z",
"published": "2026-03-25T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4822"
},
{
"type": "WEB",
"url": "https://github.com/0truust/iperius-backup-security-advisories/blob/main/advisories/arbitrary-file-disclosure.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.353122"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.353122"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.774209"
},
{
"type": "WEB",
"url": "https://www.iperiusbackup.com/download-software-backup.aspx"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FFHX-2RRF-9C23
Vulnerability from github – Published: 2024-06-12 09:30 – Updated: 2024-11-12 18:30A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
{
"affected": [],
"aliases": [
"CVE-2024-5742"
],
"database_specific": {
"cwe_ids": [
"CWE-377",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-12T09:15:23Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.",
"id": "GHSA-ffhx-2rrf-9c23",
"modified": "2024-11-12T18:30:50Z",
"published": "2024-06-12T09:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5742"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6986"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:9430"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-5742"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278574"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FQH9-2QGG-H84H
Vulnerability from github – Published: 2022-05-17 04:01 – Updated: 2024-09-23 19:26FileSystemBytecodeCache in Jinja2 prior to version 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Jinja2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-0012"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-14T00:58:39Z",
"nvd_published_at": "2014-05-19T14:55:00Z",
"severity": "MODERATE"
},
"details": "FileSystemBytecodeCache in Jinja2 prior to version 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user\u0027s uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.",
"id": "GHSA-fqh9-2qgg-h84h",
"modified": "2024-09-23T19:26:46Z",
"published": "2022-05-17T04:01:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0012"
},
{
"type": "WEB",
"url": "https://github.com/mitsuhiko/jinja2/pull/292"
},
{
"type": "WEB",
"url": "https://github.com/mitsuhiko/jinja2/pull/296"
},
{
"type": "WEB",
"url": "https://github.com/pallets/jinja2/pull/292"
},
{
"type": "WEB",
"url": "https://github.com/pallets/jinja2/pull/296"
},
{
"type": "WEB",
"url": "https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7"
},
{
"type": "WEB",
"url": "https://github.com/pallets/jinja/commit/acb672b6a179567632e032f547582f30fa2f4aa7"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051421"
},
{
"type": "PACKAGE",
"url": "https://github.com/pallets/jinja2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2014-82.yaml"
},
{
"type": "WEB",
"url": "http://seclists.org/oss-sec/2014/q1/73"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Insecure Temporary File in Jinja2"
}
GHSA-G2JW-FQX3-5MWQ
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.
{
"affected": [],
"aliases": [
"CVE-2015-5224"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-23T15:29:00Z",
"severity": "CRITICAL"
},
"details": "The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.",
"id": "GHSA-g2jw-fqx3-5mwq",
"modified": "2022-05-13T01:16:19Z",
"published": "2022-05-13T01:16:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5224"
},
{
"type": "WEB",
"url": "https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256686"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/08/24/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/76467"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G4MQ-6FP5-QWCF
Vulnerability from github – Published: 2021-04-20 16:46 – Updated: 2024-11-18 16:26A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p "; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc//cmdline'.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0a1"
},
{
"fixed": "2.8.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0a1"
},
{
"fixed": "2.9.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-1733"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-377",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-05T18:50:43Z",
"nvd_published_at": "2020-03-11T19:15:00Z",
"severity": "LOW"
},
"details": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 \u0026\u0026 mkdir -p \u003cdir\u003e\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating \u0027/proc/\u003cpid\u003e/cmdline\u0027.",
"id": "GHSA-g4mq-6fp5-qwcf",
"modified": "2024-11-18T16:26:12Z",
"published": "2021-04-20T16:46:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1733"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/issues/67791"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/80b9a0a25c5f75e84aefc8f2b293fb1933b154f2"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/8251d9f4c2bc82632ab992277fcd30ccbf87aa47"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/ecf99d5e1ff732a7777010facd6c98bb0994605e"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-g4mq-6fp5-qwcf"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-5.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-11"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4950"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"type": "CVSS_V4"
}
],
"summary": "Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File"
}
GHSA-GC5V-M9X4-R6X2
Vulnerability from github – Published: 2026-03-25 16:56 – Updated: 2026-03-27 22:07Impact
The requests.utils.extract_zipped_paths() utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one.
Affected usages
Standard usage of the Requests library is not affected by this vulnerability. Only applications that call extract_zipped_paths() directly are impacted.
Remediation
Upgrade to at least Requests 2.33.0, where the library now extracts files to a non-deterministic location.
If developers are unable to upgrade, they can set TMPDIR in their environment to a directory with restricted write access.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "requests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.33.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25645"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-25T16:56:28Z",
"nvd_published_at": "2026-03-25T17:16:52Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one.\n\n### Affected usages\n**Standard usage of the Requests library is not affected by this vulnerability.** Only applications that call `extract_zipped_paths()` directly are impacted.\n\n### Remediation\nUpgrade to at least Requests 2.33.0, where the library now extracts files to a non-deterministic location.\n\nIf developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.",
"id": "GHSA-gc5v-m9x4-r6x2",
"modified": "2026-03-27T22:07:42Z",
"published": "2026-03-25T16:56:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25645"
},
{
"type": "WEB",
"url": "https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7"
},
{
"type": "PACKAGE",
"url": "https://github.com/psf/requests"
},
{
"type": "WEB",
"url": "https://github.com/psf/requests/releases/tag/v2.33.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function"
}
GHSA-GG57-WG6F-C8VG
Vulnerability from github – Published: 2026-06-01 21:30 – Updated: 2026-06-01 21:30CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell payload into it, and executes it with administrator privileges via bash, allowing a same-user local process to rewrite the installer body before the administrator prompt is approved, causing attacker-controlled commands to run as root.
{
"affected": [],
"aliases": [
"CVE-2026-49134"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T21:16:46Z",
"severity": "HIGH"
},
"details": "CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell payload into it, and executes it with administrator privileges via bash, allowing a same-user local process to rewrite the installer body before the administrator prompt is approved, causing attacker-controlled commands to run as root.",
"id": "GHSA-gg57-wg6f-c8vg",
"modified": "2026-06-01T21:30:45Z",
"published": "2026-06-01T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49134"
},
{
"type": "WEB",
"url": "https://github.com/steipete/CodexBar/pull/1222"
},
{
"type": "WEB",
"url": "https://github.com/steipete/CodexBar/commit/dbc944d46cd4cf7877d1ca47c44556fe573b46e8"
},
{
"type": "WEB",
"url": "https://github.com/steipete/CodexBar/releases/tag/v0.32.0"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/codexbar-privilege-escalation-via-cli-installer-temp-file"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GG9R-QR35-CFRW
Vulnerability from github – Published: 2026-01-07 03:30 – Updated: 2026-01-07 03:30Insecure Temporary File vulnerability in Altera Quartus Prime Pro
Installer (SFX)
on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.
{
"affected": [],
"aliases": [
"CVE-2025-14612"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-07T02:03:00Z",
"severity": "MODERATE"
},
"details": "Insecure Temporary File vulnerability in Altera Quartus Prime Pro\u00a0\n\nInstaller (SFX)\n\n on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.",
"id": "GHSA-gg9r-qr35-cfrw",
"modified": "2026-01-07T03:30:26Z",
"published": "2026-01-07T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14612"
},
{
"type": "WEB",
"url": "https://www.altera.com/security/security-advisory/asa-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
CAPEC-149: Explore for Predictable Temporary File Names
An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.
CAPEC-155: Screen Temporary Files for Sensitive Information
An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.