CVE-2026-49134 affects CodexBar versions prior to 0.32.0, containing a privilege escalation vulnerability in the CLI installer. The vulnerability allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell payload, and executes it with administrator privileges via bash. A local process can rewrite the installer body before the administrator prompt is approved, causing attacker-controlled commands to run as root. This represents a significant security risk for systems with CodexBar installed.