CVE-2026-24071
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-02-02

Last updated on: 2026-02-11

Assigner: SEC Consult Vulnerability Lab

Description
It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks.Β The connection handler function uses _xpc_connection_get_pid(arg2) as argument for the hasValidSignature function. This value can not be trusted since it is vulnerable to PID reuse attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24071
EUVD
EUVD-2026-5109
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
native-instruments native_access to 3.22.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the XPC service used by the privileged helper of Native Access, which verifies the code signature of a connecting client based on its Process ID (PID). However, this verification method is insecure because it relies on the PID, which can be reused by different processes. An attacker can exploit this PID reuse to bypass the signature verification, potentially impersonating a trusted process.

Impact Analysis

The vulnerability can allow an attacker to exploit PID reuse to bypass code signature verification, potentially enabling unauthorized processes to gain privileged access or perform actions as if they were trusted. This could lead to unauthorized access, privilege escalation, or execution of malicious code within the Native Access environment.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24071. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart