Description
The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation.
Published: 2026-03-18
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Contact Vendor
AI Analysis

Impact

The vulnerability exists because the Privileged Helper component of Arturia Software Center on macOS does not properly validate the code signature of connecting XPC clients. This weakness allows a local attacker to connect to the helper and invoke privileged operations, effectively performing local privilege escalation. The issue is identified as a missing authentication of code (CWE-306).

Affected Systems

The affected product is Arturia Software Center for macOS. Specific version details are not provided, so all installations of the software may be vulnerable until an update is released.

Risk and Exploitability

The CVSS base score of 7.8 indicates a high severity, and the EPSS score is currently unavailable. The vulnerability is not listed in the CISA KEV catalog. Because the attack requires local access to the system and the ability to launch an XPC client against the helper, the threat is directed toward local users or processes. Without a vendor patch, the risk remains significant for any user running the software.

Generated by OpenCVE AI on March 18, 2026 at 17:20 UTC.

Remediation

Vendor Solution

The vendor was unresponsive and did not respond to any of our communication attempts. Therefore, a patch is not available. In case you are using this product, please approach the vendor and demand a fix.

OpenCVE Recommended Actions

  • Contact Arturia and demand a fix from the vendor
  • If a fix is not forthcoming, uninstall or disable Arturia Software Center to remove the vulnerable component
  • Continuously monitor Arturia’s website or release notes for any update and apply the patch immediately when it becomes available

Generated by OpenCVE AI on March 18, 2026 at 17:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://r.sec-consult.com/arturia cve-icon cve-icon
History

Thu, 19 Mar 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Arturia
Arturia software Center
Vendors & Products Arturia
Arturia software Center

Wed, 18 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 18 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
Description The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation.
Title Insufficient XPC Client validation leading to local privilege escalation in Arturia Software Center
Weaknesses CWE-306
References

Subscriptions

Arturia Software Center
cve-icon MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published:

Updated: 2026-03-18T15:55:32.532Z

Reserved: 2026-01-21T11:29:19.852Z

Link: CVE-2026-24062

cve-icon Vulnrichment

Updated: 2026-03-18T15:53:47.428Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-18T16:16:26.300

Modified: 2026-03-19T13:25:00.570

Link: CVE-2026-24062

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:58:39Z

Weaknesses