PatchSiren cyber security CVE debrief
CVE-2026-49949 steipete CVE debrief
CVE-2026-49949 is a medium-severity credential forwarding vulnerability in CodexBar before version 0.33.0. An attacker can intercept sensitive credentials by redirecting credentialed provider requests to an unintended host, port, or plaintext HTTP destination.
- Vendor: steipete
- Product: CodexBar
- CVSS: MEDIUM 6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of CodexBar before version 0.33.0 should apply the patch to prevent credential interception.
Technical summary
The vulnerability exists in the shared ProviderHTTPClient transport of CodexBar, allowing network-adjacent attackers to issue cross-origin or HTTP-downgrade redirects. This can lead to the capture of sensitive credentials such as browser cookies, bearer tokens, or API keys.
Defensive priority
High
Recommended defensive actions
- Upgrade CodexBar to version 0.33.0 or later.
- Review and restrict redirects in the ProviderHTTPClient transport.
- Monitor for suspicious activity and credential leaks.
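The redirect restriction recommended above, sketched as an added example; this is not CodexBar's code or its fix. The function names, the credential header set and the sample URLs are assumptions made for illustration. It refuses HTTPS-to-HTTP downgrades and drops credential headers whenever the redirect target differs in scheme, host or port.

```python
from urllib.parse import urljoin, urlsplit

# Header names treated as credentials (assumed set for this example).
CREDENTIAL_HEADERS = {"authorization", "cookie", "proxy-authorization", "x-api-key"}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample request headers, not captured traffic.
SAMPLE_HEADERS = {
    "Authorization": "Bearer example-token",
    "Cookie": "session=example",
    "Accept": "application/json",
}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def follow_redirect(request_url, location, headers):
    """Return (target_url, headers_to_send), or None if the redirect is refused."""
    target = urljoin(request_url, location)  # resolves relative Location values
    try:
        src, dst = origin(request_url), origin(target)
    except ValueError:
        return None  # malformed port in either URL
    if dst[0] not in DEFAULT_PORTS or not dst[1]:
        return None  # non-HTTP scheme or missing host
    if src[0] == "https" and dst[0] != "https":
        return None  # HTTPS -> HTTP downgrade: never follow
    if src == dst:
        return target, dict(headers)  # same origin: credentials may be kept
    # Different scheme, host or port: follow, but without credentials.
    safe = {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}
    return target, safe


if __name__ == "__main__":
    base = "https://api.provider.example/v1/usage"
    for loc in ("/v2/usage", "https://other.example/collect", "http://api.provider.example/"):
        print(loc, "->", follow_redirect(base, loc, SAMPLE_HEADERS))
```
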
Evidence notes
The CVE record was published on cve-org and details can be found on NVD. Additional information is available from VulnCheck.
Official resources
CVE-2026-49949 was published on 2026-06-11T20:16:24.897Z and modified on 2026-06-11T20:50:49.480Z.