Back to CVE List

CVE-2026-46388

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.4 / 10
Vector String
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Vulnerability Description

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-279
Source
NVD
Vendor
osquery
Product
osquery

External References

Discussion (0)

Add Comment

No comments yet. Be the first!