CVE-2026-46388 - CERT CVE
ID CVE-2026-46388
Sažetak osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1.
Reference
CVSS
Base: 4.4
Impact: 3.6
Exploitability:0.8
Pristup
VektorSloženostAutentikacija
LOCAL HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
HIGH NONE NONE
CVSS vektor CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Zadnje važnije ažuriranje 10-07-2026 - 20:16
Objavljeno 10-07-2026 - 16:16