CVE-2026-26224
Awaiting Analysis Awaiting Analysis - Queue
TOCTOU Race Condition in Intego Log Reporter Enables Root Escalation

Publication date: 2026-02-12

Last updated on: 2026-02-13

Assigner: VulnCheck

Description
Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-12
Last Modified
2026-02-13
Generated
2026-06-16
AI Q&A
2026-02-13
EPSS Evaluated
2026-06-14
NVD
CVE-2026-26224
EUVD
EUVD-2026-6165
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
intego log_reporter *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Intego Log Reporter, a macOS diagnostic utility. It involves a local privilege escalation due to a race condition in a root-executed diagnostic script that writes files in the /tmp directory without secure handling. An unprivileged local user can exploit this time-of-check to time-of-use (TOCTOU) race condition by using symbolic links to trick the script into writing arbitrary files to privileged system locations, thereby gaining root privileges.

Impact Analysis

The vulnerability allows a local unprivileged user to escalate their privileges to root. This means an attacker with local access can gain full control over the affected system, potentially leading to unauthorized access, modification, or destruction of system files and data.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26224. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart