CVE-2026-24063

{"id": "CVE-2026-24063", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2026-03-18T16:16:26.527", "references": [{"url": "https://r.sec-consult.com/arturia", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation."}, {"lang": "es", "value": "Cuando se instala un plugin usando el Arturia Software Center (macOS), tambi\u00e9n instala un script bash uninstall.sh en una ruta propiedad de root. Este script se escribe en el disco con los permisos de archivo 777, lo que significa que es escribible por cualquier usuario. Al desinstalar un plugin a trav\u00e9s del Arturia Software Center, el Privileged Helper recibe instrucciones para ejecutar este script. Cuando el script bash es manipulado por un atacante, este escenario conducir\u00e1 a una escalada de privilegios."}], "lastModified": "2026-05-19T15:35:04.330", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}