Session Cookie Leakage Vulnerability in CodexBar by Steipete
CVE-2026-43625

8.2 HIGH

Key Information:

Vendor: Steipete

Status
Vendor
CVE Published: 1 June 2026

What is CVE-2026-43625?

CodexBar prior to version 0.32.0 contains a vulnerability that lets attackers on the network path intercept sensitive session cookies. The cause is improper handling of redirects associated with Amp and Ollama provider sessions: when a redirect from a provider-controlled target leads to a cleartext HTTP endpoint, the session cookies are sent in plaintext and can be captured, posing a significant risk of session hijacking and unauthorized access to user accounts.
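The defensive check this description implies, as an added example (not CodexBar's code and not its actual fix): a redirect policy that refuses cleartext targets and drops credential headers when the origin changes. Host names, header values and function names are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

CREDENTIAL_HEADERS = {"cookie", "authorization", "proxy-authorization"}
DEFAULT_PORTS = {"https": 443, "http": 80}


class RedirectBlocked(Exception):
    """Raised when a redirect must not be followed."""


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def has_cookie(headers):
    return any(name.lower() == "cookie" for name in headers)


def next_request(current_url, location, headers):
    """Return (url, headers) for the redirected request, or raise RedirectBlocked."""
    target = urljoin(current_url, location)  # Location may be relative
    if origin(target)[0] != "https":
        # Downgrade to cleartext: never follow, with or without cookies.
        raise RedirectBlocked(f"refusing non-HTTPS redirect target: {target}")
    if origin(target) != origin(current_url):
        # Different origin: the session credentials were not issued for it.
        headers = {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}
    return target, dict(headers)


def follow(start_url, headers, redirects, max_hops=5):
    """Walk a redirect chain and record (url, cookie_sent) per hop.

    `redirects` maps URL -> Location value; it is a constructed, offline
    stand-in for the 3xx responses a real client would receive.
    """
    url, trail = start_url, []
    for _ in range(max_hops):
        trail.append((url, has_cookie(headers)))
        if url not in redirects:
            return trail
        url, headers = next_request(url, redirects[url], headers)
    raise RedirectBlocked("too many redirects")
```
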

Affected Version(s)

CodexBar 0

References

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chia Min Jun Lennon