CVE-2026-0924
Unknown
Unknown - Not Provided
Privilege Escalation via Insecure XPC Service in BuhoCleaner
Publication date: 2026-02-02
Last updated on: 2026-04-20
Assigner: Fluid Attacks
Description
Description
BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| drbuho | buhocleaner | 1.15.2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in BuhoCleaner version 1.15.2 involves an insecure XPC service that allows local, unprivileged users to escalate their privileges to root by exploiting insecure functions within the service.
How can this vulnerability impact me? :
An attacker with local access could exploit this vulnerability to gain root privileges, potentially allowing them to take full control of the affected system, access sensitive data, modify system configurations, or install malicious software.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70