{"data":{"id":"d17c64d6-d2fc-4c06-ad31-adfcc3c543fb","title":"CVE-2026-43625: CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept impo","summary":"CodexBar versions before 0.32.0 have a session cookie leakage vulnerability where attackers on the network can intercept imported browser session cookies by exploiting how the software handles redirects (automatic forwarding between web addresses) for Amp and Ollama providers. An attacker positioned on the network path between the user and the remote server can capture sensitive session cookies (small pieces of data that store login information) when they are sent unencrypted over HTTP (the unencrypted version of web communication).","solution":"Update CodexBar to version 0.32.0 or later. The fix is referenced in commit cdd7e347c1cf616615f18aa2ac52ba2ec9cab332 and release v0.32.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-43625","publishedAt":"2026-06-01T19:16:47.813Z","cveId":"CVE-2026-43625","cweIds":["CWE-319"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["CodexBar","Ollama"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"high","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-01T19:16:47.813Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}