CVE-2026-24063
Deferred Deferred - Pending Action

Writable Uninstall Script in Arturia Software Center Enables Privilege Escalation

Vulnerability report for CVE-2026-24063, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-18

Last updated on: 2026-05-19

Assigner: SEC Consult Vulnerability Lab

Description

When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-18
Last Modified
2026-05-19
Generated
2026-07-06
AI Q&A
2026-03-18
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
arturia software_center *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can lead to privilege escalation, allowing an attacker with limited access to gain higher privileges on the affected MacOS system. This can result in unauthorized control over the system, potentially compromising confidentiality, integrity, and availability of data and system resources.

Compliance Impact

I don't know

Executive Summary

This vulnerability occurs when a plugin is installed using the Arturia Software Center on MacOS. During installation, an uninstall.sh bash script is placed in a root-owned directory with file permissions set to 777, making it writable by any user. When uninstalling a plugin, the Privileged Helper executes this script. If an attacker modifies the script, they can exploit this to escalate their privileges on the system.

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24063. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart