{"api_version":"1","generated_at":"2026-07-10T18:11:19+00:00","cve":"CVE-2026-46388","urls":{"html":"https://cve.report/CVE-2026-46388","api":"https://cve.report/api/cve/CVE-2026-46388.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-46388","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-46388"},"summary":{"title":"osquery: Unprivileged users can temporarily read file carve contents","description":"osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-07-10 16:16:31","updated_at":"2026-07-10 17:44:36"},"problem_types":["CWE-279","CWE-378","CWE-379","CWE-279 CWE-279: Incorrect Execution-Assigned Permissions","CWE-378 CWE-378: Creation of Temporary File With Insecure Permissions","CWE-379 CWE-379: Creation of Temporary File in Directory with Insecure Permissions"],"metrics":[{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"4.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"4.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","data":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://github.com/osquery/osquery/releases/tag/5.23.1","name":"https://github.com/osquery/osquery/releases/tag/5.23.1","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/osquery/osquery/commit/6dabe9ded33bf9c6fc0f3e37ec364a1cbbd25d68","name":"https://github.com/osquery/osquery/commit/6dabe9ded33bf9c6fc0f3e37ec364a1cbbd25d68","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/osquery/osquery/pull/8961","name":"https://github.com/osquery/osquery/pull/8961","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/osquery/osquery/security/advisories/GHSA-fg78-9q98-62hh","name":"https://github.com/osquery/osquery/security/advisories/GHSA-fg78-9q98-62hh","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46388","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46388","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"osquery","product":"osquery","version":"affected < 5.23.1","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"product":"osquery","vendor":"osquery","versions":[{"status":"affected","version":"< 5.23.1"}]}],"descriptions":[{"lang":"en","value":"osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-279","description":"CWE-279: Incorrect Execution-Assigned Permissions","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-378","description":"CWE-378: Creation of Temporary File With Insecure Permissions","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-379","description":"CWE-379: Creation of Temporary File in Directory with Insecure Permissions","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-10T14:44:52.865Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/osquery/osquery/security/advisories/GHSA-fg78-9q98-62hh","tags":["x_refsource_CONFIRM"],"url":"https://github.com/osquery/osquery/security/advisories/GHSA-fg78-9q98-62hh"},{"name":"https://github.com/osquery/osquery/pull/8961","tags":["x_refsource_MISC"],"url":"https://github.com/osquery/osquery/pull/8961"},{"name":"https://github.com/osquery/osquery/commit/6dabe9ded33bf9c6fc0f3e37ec364a1cbbd25d68","tags":["x_refsource_MISC"],"url":"https://github.com/osquery/osquery/commit/6dabe9ded33bf9c6fc0f3e37ec364a1cbbd25d68"},{"name":"https://github.com/osquery/osquery/releases/tag/5.23.1","tags":["x_refsource_MISC"],"url":"https://github.com/osquery/osquery/releases/tag/5.23.1"}],"source":{"advisory":"GHSA-fg78-9q98-62hh","discovery":"UNKNOWN"},"title":"osquery: Unprivileged users can temporarily read file carve contents"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-46388","datePublished":"2026-07-10T14:44:52.865Z","dateReserved":"2026-05-13T19:53:47.922Z","dateUpdated":"2026-07-10T14:44:52.865Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-10 16:16:31","lastModifiedDate":"2026-07-10 17:44:36","problem_types":["CWE-279","CWE-378","CWE-379","CWE-279 CWE-279: Incorrect Execution-Assigned Permissions","CWE-378 CWE-378: Creation of Temporary File With Insecure Permissions","CWE-379 CWE-379: Creation of Temporary File in Directory with Insecure Permissions"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"46388","Ordinal":"1","Title":"osquery: Unprivileged users can temporarily read file carve cont","CVE":"CVE-2026-46388","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"46388","Ordinal":"1","NoteData":"osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1.","Type":"Description","Title":"osquery: Unprivileged users can temporarily read file carve cont"}]}}}