CVE-2026-26224
Awaiting Analysis Awaiting Analysis - Queue

TOCTOU Race Condition in Intego Log Reporter Enables Root Escalation

Vulnerability report for CVE-2026-26224, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-12

Last updated on: 2026-02-13

Assigner: VulnCheck

Description

Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-12
Last Modified
2026-02-13
Generated
2026-07-06
AI Q&A
2026-02-13
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
intego log_reporter *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Intego Log Reporter, a macOS diagnostic utility. It involves a local privilege escalation due to a race condition in a root-executed diagnostic script that writes files in the /tmp directory without secure handling. An unprivileged local user can exploit this time-of-check to time-of-use (TOCTOU) race condition by using symbolic links to trick the script into writing arbitrary files to privileged system locations, thereby gaining root privileges.

Impact Analysis

The vulnerability allows a local unprivileged user to escalate their privileges to root. This means an attacker with local access can gain full control over the affected system, potentially leading to unauthorized access, modification, or destruction of system files and data.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26224. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart