CVE-2026-43625
MEDIUM
CodexBar < 0.32.0 - Cleartext Transmission of Sensitive Information via HTTP Redirect
Title source: llm
Description
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive cleartext HTTP requests carrying imported session cookies when a provider-controlled redirect target issues a redirect to a cleartext HTTP endpoint within the same provider domain.
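An added example, not CodexBar's code: a redirect policy check of the kind that addresses the flaw described above, withholding session cookies from any redirect hop that is not HTTPS, even when the hop stays inside the provider domain. The domain `provider.example`, the function names and the sample redirect chain are constructed assumptions.

```python
from urllib.parse import urlsplit


def cookie_allowed(url: str, provider_domain: str) -> bool:
    """True only if url is HTTPS and its host is the provider domain or a subdomain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    domain = provider_domain.lower().rstrip(".")
    # Match on a label boundary so "evilprovider.example" is not accepted.
    in_domain = host == domain or host.endswith("." + domain)
    return parts.scheme == "https" and in_domain


def audit_redirect_chain(chain, provider_domain):
    """Return (url, send_cookie, reason) per hop; stop at the first refused hop."""
    results = []
    for url in chain:
        if cookie_allowed(url, provider_domain):
            results.append((url, True, "ok"))
            continue
        if urlsplit(url).scheme != "https":
            reason = "cleartext scheme"
        else:
            reason = "host outside provider domain"
        results.append((url, False, reason))
        break  # do not follow further with credentials attached
    return results


# Constructed redirect chain: the third hop downgrades to HTTP on the same domain.
SAMPLE_CHAIN = [
    "https://provider.example/settings",
    "https://api.provider.example/session",
    "http://legacy.provider.example/session",
    "https://provider.example/done",
]

if __name__ == "__main__":
    for url, send, reason in audit_redirect_chain(SAMPLE_CHAIN, "provider.example"):
        print(f"{'SEND' if send else 'DROP'}  {url}  ({reason})")
```

A same-domain check alone passes the third hop; the scheme check is what stops the cookie from leaving over cleartext.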
References (4)
Core References
Issue Tracking
https://github.com/steipete/CodexBar/pull/1226
Scores
CVSS v3
5.9
EPSS
0.0019
EPSS Percentile
8.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Published
Jun 01, 2026
Tracked Since
Jun 02, 2026