Description
BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2.
Published: 2026-02-02
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to root
Action: Patch Now
AI Analysis

Impact

BuhoCleaner contains an insecure XPC service that permits a local, unprivileged user to gain root privileges through insecure functions. The flaw involves concurrency weaknesses identified by CWE‑367 (Improper Locking). The result is a local privilege escalation that can compromise system integrity, allowing an attacker to execute arbitrary code as root.

Affected Systems

The affected product is Dr.Buho BuhoCleaner version 1.15.2, running on macOS. Only this specific version is known to be susceptible to the local privilege escalation via PID reuse attack.

Risk and Exploitability

The vulnerability has a CVSS score of 7.3, indicating a high impact, while the EPSS score is below 1% showing a very low probability of exploitation. It is not listed in the CISA KEV catalog. The likely attack vector is local: an attacker who has access to the same user account on the affected machine can exploit the insecure XPC service through PID reuse to elevate their privileges to root.

Generated by OpenCVE AI on April 20, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest version of BuhoCleaner that includes the fix for the insecure XPC service.
  • Restrict the XPC service to only trusted system users and remove unnecessary access for regular accounts.
  • Enforce the principle of least privilege by revoking elevated privileges from local user accounts that are not required to run the application.

Generated by OpenCVE AI on April 20, 2026 at 18:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Tue, 14 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Drbuho
Drbuho buhocleaner
Weaknesses CWE-367
CPEs cpe:2.3:a:drbuho:buhocleaner:1.15.2:*:*:*:*:macos:*:*
Vendors & Products Drbuho
Drbuho buhocleaner
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Tue, 03 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
Description BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2.
Title BuhoCleaner 1.15.2 - Local Privilege Escalation via PID reuse attack
First Time appeared Dr.buho
Dr.buho buhocleaner
Weaknesses CWE-362
CPEs cpe:2.3:a:dr.buho:buhocleaner:1.15.2:*:macos:*:*:*:*:*
Vendors & Products Dr.buho
Dr.buho buhocleaner
References
Metrics cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Dr.buho Buhocleaner
Drbuho Buhocleaner
cve-icon MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published:

Updated: 2026-04-21T02:40:06.930Z

Reserved: 2026-01-13T20:47:00.900Z

Link: CVE-2026-0924

cve-icon Vulnrichment

Updated: 2026-02-03T15:05:00.424Z

cve-icon NVD

Status : Modified

Published: 2026-02-02T23:16:03.683

Modified: 2026-04-20T16:16:40.823

Link: CVE-2026-0924

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T19:00:10Z

Weaknesses