CVE-2026-24063

Published: Mar 18, 2026 Last Modified: Mar 18, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation.

276

Incorrect Default Permissions

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity

Potential Impacts:

Read Application Data Modify Application Data

Applicable Platforms

Technologies: Not Technology-Specific, ICS/OT

Likelihood of Exploit: Medium

View CWE Details

https://r.sec-consult.com/arturia

CVE-2026-24063

Description

Incorrect Default Permissions

Common Consequences

Applicable Platforms

Iscriviti alla newsletter