HIGHCVE-2026-24062Published 2026-03-18Modified 2026-03-18CNA SEC-VLab

CVE-2026-24062: Insufficient XPC Client validation leading to local privilege escalation in Arturia Software Center

The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation.

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Arturia / Software Center
2.12.0.3157

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

r.sec-consult.com

Metrics