{"id":79631,"date":"2026-06-11T23:46:24","date_gmt":"2026-06-11T20:16:24","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-49949-codexbar-0-33-0-credential-leakage-via-http-redirect\/"},"modified":"2026-06-11T23:46:24","modified_gmt":"2026-06-11T20:16:24","slug":"cve-2026-49949-codexbar-0-33-0-credential-leakage-via-http-redirect","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-49949-codexbar-0-33-0-credential-leakage-via-http-redirect\/","title":{"rendered":"CVE-2026-49949 &#8211; CodexBar &lt; 0.33.0 Credential Leakage via HTTP Redirect"},"content":{"rendered":"<p>CVE ID :CVE-2026-49949<\/p>\n<p>  Published : June 11, 2026, 8:16 p.m. | 1\u00a0hour, 3\u00a0minutes ago<\/p>\n<p>  Description :CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared ProviderHTTPClient transport. Attackers can redirect credentialed provider requests carrying browser cookies, bearer tokens, or API keys to an unintended host, port, or plaintext HTTP destination to capture those credentials.<\/p>\n<p>  Severity: 6.0 | MEDIUM<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-49949 Published : June 11, 2026, 8:16 p.m. | 1\u00a0hour, 3\u00a0minutes ago Description :CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared ProviderHTTPClient transport. Attackers can redirect credentialed provider requests carrying browser cookies, bearer tokens, or API &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-79631","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/79631","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=79631"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/79631\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=79631"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=79631"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=79631"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}