{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-24066/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-10T14:27:50.169Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-24066","@id":"https://www.cve.org/CVERecord?id=CVE-2026-24066","description":"Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client's signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the exp"},"products":[{"@id":"cpe:2.3:a:slate_digital_llc:slate_digital_connect:1.37.0:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:slate_digital_llc:slate_digital_connect:1.37.0:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-10T14:27:50.169Z"}]}