PT-2026-57206 · Squery · Osquery

Publicado

2026-07-10

·

Atualizado

2026-07-10

·

CVE-2026-46388

CVSS v3.1

4.4

Média

VetorAV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-46388

Produtos afetados

Osquery