CVE-2026-24066

Published: Jun 10, 2026 Last Modified: Jun 10, 2026
HIGH 8.4
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client's signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the expected organizational unit value and connect to the privileged XPC service. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation.

EPSS (Exploit Prediction Scoring System)

Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.

EPSS Score: 0.0009
Percentile: 0.0th

CWE-296: Improper Following of a Certificate's Chain of Trust

Draft
Common Consequences
Security Scopes Affected: Non-Repudiation, Integrity, Confidentiality, Availability, Access Control
Potential Impacts: Hide Activities, Gain Privileges Or Assume Identity, Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: Not Technology-Specific, Web Based
https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-i…
https://r.sec-consult.com/slate