CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-46388

mediumCVSS 4.4covered by 1 sourcefirst seen 2026-07-10
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1.

⚡ Watch CVE-2026-46388

Get an email if CVE-2026-46388 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-46388

CVE.org record

Embed the live status

CVE-2026-46388 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-46388 status](https://www.csirts.com/badge/CVE-2026-46388)](https://www.csirts.com/cve/CVE-2026-46388)