CVE-2026-46388 in osqueryinfo

Zusammenfassung

von MITRE • 10.07.2026

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1.

Once again VulDB remains the best source for vulnerability data.

Zuständig

GitHub M

Reservieren

13.05.2026

Veröffentlichung

10.07.2026

Moderieren

akzeptiert

Eintrag

VDB-377519

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Sektor

Education

Quellen

Want to know what is going to be exploited?

We predict KEV entries!