When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation.
"}],"value":"When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation."}],"impacts":[{"capecId":"CAPEC-122","descriptions":[{"lang":"en","value":"CAPEC-122 Privilege Abuse"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-276","description":"CWE-276 Incorrect default permissions","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-18T15:33:35.010Z","orgId":"551230f0-3615-47bd-b7cc-93e92e730bbf","shortName":"SEC-VLab"},"references":[{"tags":["third-party-advisory"],"url":"https://r.sec-consult.com/arturia"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The vendor was unresponsive and did not respond to any of our communication attempts. Therefore, a patch is not available. In case you are using this product, please approach the vendor and demand a fix.
"}],"value":"The vendor was unresponsive and did not respond to any of our communication attempts. Therefore, a patch is not available. In case you are using this product, please approach the vendor and demand a fix."}],"source":{"discovery":"EXTERNAL"},"title":"World-writable uninstall script executed as root in Arturia Software Center","x_generator":{"engine":"Vulnogram 1.0.1"}}},"cveMetadata":{"assignerOrgId":"551230f0-3615-47bd-b7cc-93e92e730bbf","assignerShortName":"SEC-VLab","cveId":"CVE-2026-24063","datePublished":"2026-03-18T15:33:35.010Z","dateReserved":"2026-01-21T11:29:19.853Z","dateUpdated":"2026-03-18T15:52:07.784Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-18 16:16:26","lastModifiedDate":"2026-05-19 15:35:04","problem_types":["CWE-276","CWE-276 CWE-276 Incorrect default permissions"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"24063","Ordinal":"1","Title":"World-writable uninstall script executed as root in Arturia Soft","CVE":"CVE-2026-24063","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"24063","Ordinal":"1","NoteData":"When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation.","Type":"Description","Title":"World-writable uninstall script executed as root in Arturia Soft"}]}}}