CVE-2026-24066: Slate Digital Connect macOS XPC certificate validation privilege escalation
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client's signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the expected organizational unit value and connect to the privileged XPC service. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation.
Metrics
- CVSS v3.1: 8.4
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is an authentication bypass via flawed XPC certificate validation in Slate Digital Connect 1.37.0 for macOS. A local attacker without any special account privileges can craft a self-signed certificate with the expected organizational unit field, bypassing the helper tool's client check entirely because the software never verifies the certificate chains to a trusted authority. Successful exploitation gives the attacker full access to a privileged helper tool, enabling local privilege escalation with high impact on confidentiality, integrity, and system availability. No upstream fix has been published; HarborGuard is tracking the advisory for patch availability.
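As an added example (not code from Slate Digital or HarborGuard), the Swift below contrasts an OU-only code-signing requirement with one that also pins the certificate chain to Apple's anchor, and applies the latter to an XPC listener. The team ID, the Mach service name and the function names are placeholders, and the shape of the helper's actual check is an assumption.

```swift
import Foundation
import Security

// Placeholder team identifier (constructed); the advisory does not give the real OU.
let teamID = "ABCDE12345"

// Assumed shape of the flawed check: only the leaf certificate's OU is compared,
// so a self-signed certificate carrying that OU satisfies it.
let weakRequirement = "certificate leaf[subject.OU] = \"\(teamID)\""

// Hardened: the chain must end at Apple's root ("anchor apple generic") and pass
// through a Developer ID CA to a Developer ID Application leaf with the same OU.
let strongRequirement = """
anchor apple generic \
and certificate 1[field.1.2.840.113635.100.6.2.6] exists \
and certificate leaf[field.1.2.840.113635.100.6.1.13] exists \
and certificate leaf[subject.OU] = "\(teamID)"
"""

// Audit aid: does the signed code at `path` satisfy the requirement `text`?
// A binary that passes the weak requirement but fails the strong one is exactly
// the kind of client the helper must reject.
func satisfies(path: String, requirement text: String) -> Bool {
    var req: SecRequirement?
    var code: SecStaticCode?
    guard SecRequirementCreateWithString(text as CFString, [], &req) == errSecSuccess,
          SecStaticCodeCreateWithPath(URL(fileURLWithPath: path) as CFURL, [], &code) == errSecSuccess,
          let r = req, let c = code else { return false }
    return SecStaticCodeCheckValidity(c, [], r) == errSecSuccess
}

// macOS 13+: the system evaluates every connecting client against the requirement
// and rejects non-matching peers before the delegate is consulted.
// "com.example.privileged.helper" is a hypothetical Mach service name.
// The caller must keep `delegate` alive; NSXPCListener holds it weakly.
@available(macOS 13.0, *)
func makeListener(delegate: NSXPCListenerDelegate) -> NSXPCListener {
    let listener = NSXPCListener(machServiceName: "com.example.privileged.helper")
    listener.setConnectionCodeSigningRequirement(strongRequirement)
    listener.delegate = delegate
    return listener
}
```

On releases before macOS 13, the same requirement string can be evaluated against the connecting client's audit token with SecCodeCheckValidity.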
HarborGuard Coverage
Detection is available across every HarborGuard environment. The CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built macOS-based images, so any image shipping Slate Digital Connect 1.37.0 is flagged automatically.
Status: Available
HarborGuard scores this finding at CVSS 8.4 (HIGH) and weights it against each environment's compliance policy to determine urgency and routing. The finding is dispatched to the appropriate team inbox within each customer org based on configured ownership rules for the affected image or workload.
Status: Available
Because no fix version has been published, HarborGuard re-checks the upstream advisory on every ingest cycle and will make a patched-image rebuild available the moment SEC-VLab or Slate Digital LLC publishes a remediated release. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered automatically at that point.
Status: Pending upstream
Exploit Conditions
- Network reachability: Not required
  The attacker needs an existing shell or process on the host; no network access is required to reach the vulnerable XPC service.
- Authentication: Not required
  No account credentials or privileges are required; any unprivileged local process can initiate the malicious XPC connection.
- Victim interaction: Not required
  The attack is fully self-contained and does not require any action from another user or process on the system.
- Attack complexity: Detail
  The exploit is reliable and condition-free; generating a self-signed certificate with the expected OU value is a straightforward, repeatable operation requiring no race condition or environmental luck.
Blast Radius
- The attacker gains full control of the privileged helper tool, allowing execution of privileged operations on the macOS host.
- Confidential data accessible to the helper process (credentials, tokens, keychain-adjacent material) is readable by the attacker.
- The attacker can write or modify files and system state that only privileged processes should touch, including system configuration and installed software.
- The attacker can crash or disable the helper service, disrupting any functionality that depends on it.
How HarborGuard Handles This
Available on HarborGuard: any image found to include Slate Digital Connect 1.37.0 is flagged at ingestion with a HIGH severity finding scored at CVSS 8.4. Because no upstream patch exists yet, HarborGuard monitors the SEC-VLab advisory on every ingest cycle and will surface a patched-image rebuild the moment a fix version is published; for customers with auto-remediation enabled, that rebuild will be paired with a regression test run and a PR opened against affected workloads automatically. In the interim, compensating controls worth considering include macOS endpoint policy restricting which processes can communicate with privileged XPC services, tightened application allowlisting to block unauthorized binaries from running on affected hosts, and removal or disabling of the helper tool where Slate Digital Connect functionality is not operationally required. Customers can configure compliance policy rules in HarborGuard to escalate or block deployment of images carrying this finding until an upstream fix is confirmed.
- Slate Digital LLC / Slate Digital Connect 1.37.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H