CVE-2026-24065
Published: 09 June 2026
Summary
CVE-2026-24065 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in Sec Consult (inferred from references). Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Abuse Elevation Control Mechanism (T1548); ranked at the 24.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-35448
Vulnerability details
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier (PID) to verify code-signing identity. Because process identifiers can be…
more
reused, a local attacker can exploit a race condition between the time a connection request is made and the time the helper performs validation, causing the helper to trust an attacker-controlled process. This allows the attacker to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Race condition in macOS privileged helper enables local root execution by abusing its elevation mechanism.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Timestamps meeting UTC or offset standards help identify TOCTOU issues through precise chronological reconstruction of check/use operations.