{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/insecure-temp-file/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-49135"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["CodexBar \u003c 0.32.0"],"_cs_severities":["high"],"_cs_tags":["insecure-temp-file","local-privilege-escalation"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCodexBar prior to version 0.32.0 is susceptible to an insecure temporary file handling vulnerability. This flaw enables local attackers to potentially access sensitive credentials or manipulate build artifacts by exploiting predictable file paths during the release notarization process. The vulnerability allows attackers with local access to the system to read the App Store Connect API key from a fixed path, pre-create files or symbolic links at predictable locations to redirect writes to attacker-controlled destinations, or tamper with notarization archives before submission. This could lead to unauthorized access, code injection, or supply chain compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local access to a system running a vulnerable version of CodexBar.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies the fixed file path used by CodexBar to store the App Store Connect API key during the release notarization workflow.\u003c/li\u003e\n\u003cli\u003eAttacker reads the App Store Connect API key from the predictable file path.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker identifies predictable locations used for temporary files during notarization.\u003c/li\u003e\n\u003cli\u003eThe attacker pre-creates files or symbolic links at these predictable locations, redirecting writes to attacker-controlled destinations.\u003c/li\u003e\n\u003cli\u003eCodexBar writes data to the attacker-controlled locations, potentially overwriting or modifying critical system files.\u003c/li\u003e\n\u003cli\u003eAttacker tampers with notarization archives before submission, injecting malicious code or build artifacts.\u003c/li\u003e\n\u003cli\u003eThe compromised notarization archive is submitted, potentially leading to the distribution of malicious software.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows local attackers to access sensitive App Store Connect API keys, potentially leading to unauthorized access to the developer\u0026rsquo;s account. Furthermore, attackers can tamper with notarization archives, injecting malicious code or build artifacts into the software release, leading to supply chain compromise. The number of potential victims depends on the adoption rate of CodexBar in software development environments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade CodexBar to version 0.32.0 or later to remediate the insecure temporary file handling vulnerability (CVE-2026-49135).\u003c/li\u003e\n\u003cli\u003eMonitor file creation events in sensitive directories for unexpected file creations or symbolic links using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement strict file permission policies to limit access to sensitive files and directories, mitigating the risk of unauthorized access.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-01T21:19:19Z","date_published":"2026-06-01T21:19:19Z","id":"https://feed.craftedsignal.io/briefs/2026-06-codexbar-tmp-file/","summary":"CodexBar versions prior to 0.32.0 are vulnerable to insecure temporary file handling, allowing local attackers to access sensitive credentials or tamper with build artifacts due to predictable file paths in the release notarization workflow.","title":"CodexBar Insecure Temporary File Handling Vulnerability (CVE-2026-49135)","url":"https://feed.craftedsignal.io/briefs/2026-06-codexbar-tmp-file/"}],"language":"en","title":"CraftedSignal Threat Feed — Insecure-Temp-File","version":"https://jsonfeed.org/version/1.1"}