CVE-2026-24063

High

Published: 18 March 2026

Published

18 March 2026

Modified

19 March 2026

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS Score 0.0001 1.5th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24063 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Sec Consult (inferred from references). Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-34 (Non-modifiable Executable Programs).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-34 Non-modifiable Executable Programs good match

prevent

Prevents modification of non-modifiable executable programs like the world-writable uninstall.sh script without authorization and verification prior to privileged execution.

CM-6 Configuration Settings good match

prevent

Mandates restrictive configuration settings such as non-world-writable permissions on root-owned scripts to block unauthorized modifications by low-privileged attackers.

SI-7 Software, Firmware, and Information Integrity good match

preventdetect

Verifies the integrity of software components like uninstall.sh and detects unauthorized changes before execution by the Privileged Helper.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

Vulnerability enables local privilege escalation by allowing modification of a world-writable bash uninstall script executed with root privileges via the Privileged Helper.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any…

user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation.

Deeper analysisAI

CVE-2026-24063 is a privilege escalation vulnerability (CWE-276: Incorrect Default Permissions) in the Arturia Software Center on macOS, with a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), published on 2026-03-18. The issue arises when a plugin is installed via the Arturia Software Center, which places an uninstall.sh bash script in a root-owned path with overly permissive 777 file permissions, allowing any local user to write to it. During plugin uninstallation, the application's Privileged Helper executes this script.

A local attacker with low privileges (PR:L) can exploit the vulnerability by modifying the world-writable uninstall.sh script to include malicious code. Exploitation requires low attack complexity (AC:L) and user interaction (UI:R), such as tricking a user into uninstalling the affected plugin through the Arturia Software Center. Successful execution by the Privileged Helper runs the tampered script with elevated privileges, enabling scope change (S:C) and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), resulting in full system compromise.

Mitigation details are available in the advisory at https://r.sec-consult.com/arturia.