Description
When a plugin is installed using the Arturia Software Center (macOS), it also installs an uninstall.sh bash script in a root-owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center, the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker, this scenario will lead to privilege escalation.
Published: 2026-03-18
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Demand Fix
AI Analysis

Impact

The vulnerability involves a world‑writable uninstall script (uninstall.sh) that is created with 777 permissions and located in a root‑owned path. When Arturia Software Center’s privileged helper executes this script during plugin uninstallation, an attacker who can modify the file gains the ability to run arbitrary commands as root. This constitutes a privilege escalation scenario, compromising system integrity and confidentiality, with the potential for full system compromise. The weakness is categorised under CWE‑276, File or Directory Permissions Weakness.

Affected Systems

Arturia Software Center on macOS is affected. All installations that use the uninstall script are susceptible; no specific version ranges are provided, implying that the flaw is present across current versions of the product.

Risk and Exploitability

The CVSS score of 8.2 indicates high severity, and although an EPSS score is missing, the lack of a known public exploit and absence from KEV suggest limited early exploitation but a potentially significant risk to any system where an attacker can obtain local write access. Exploitation requires local access to the file system to alter uninstall.sh; once modified, the privileged helper executes the script with root privileges, enabling any further malicious activity.

Generated by OpenCVE AI on March 18, 2026 at 17:20 UTC.

Remediation

Vendor Solution

The vendor was unresponsive and did not respond to any of our communication attempts. Therefore, a patch is not available. In case you are using this product, please approach the vendor and demand a fix.


OpenCVE Recommended Actions

  • Approach Arturia and demand a fix, as the vendor has not released a patch.
  • If practical, inspect the uninstall.sh script and change its permissions to a secure mode (e.g., 700 or 750) to prevent unwarranted modifications, ensuring only the owner can edit it.
  • Continuously monitor the file and system logs for any unauthorized changes to the uninstall script, and consider disabling the privileged helper or uninstalling the product if the vulnerability cannot be mitigated promptly.
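
The permission check and fix recommended above can be scripted. The following is an added example, not code from Arturia or OpenCVE: it lists world-writable uninstall.sh files under a directory and resets them to mode 750. The search root is an assumption supplied by the caller, since this page does not state where the scripts are installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten uninstall.sh permissions (defensive check).
# Assumption: the caller passes the directory to search; the advisory does not
# name the root-owned path that Arturia Software Center writes to.

# Print every regular file named uninstall.sh under $1 that is world-writable.
find_writable_uninstallers() {
    find "$1" -type f -name uninstall.sh -perm -002 -print 2>/dev/null
}

# Count flagged scripts; 0 means nothing under $1 is world-writable.
count_writable_uninstallers() {
    find_writable_uninstallers "$1" | wc -l | tr -d ' '
}

# Reset each flagged script to mode $2 (default 750, one of the modes the
# advisory suggests). On a real install this must run as root, because the
# scripts live in a root-owned path.
harden_uninstallers() {
    root=$1
    mode=${2:-750}
    find "$root" -type f -name uninstall.sh -perm -002 -exec chmod "$mode" {} +
}

# Constructed demo in a throwaway directory; no real plugin paths are touched.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/PluginA" "$d/PluginB"
    printf '#!/bin/sh\n' > "$d/PluginA/uninstall.sh"
    printf '#!/bin/sh\n' > "$d/PluginB/uninstall.sh"
    chmod 777 "$d/PluginA/uninstall.sh"   # the mode described in the advisory
    chmod 755 "$d/PluginB/uninstall.sh"   # not world-writable, must be left alone
    echo "before: $(count_writable_uninstallers "$d") world-writable"
    find_writable_uninstallers "$d"
    harden_uninstallers "$d"
    echo "after:  $(count_writable_uninstallers "$d") world-writable"
    rm -rf "$d"
}
demo
```

Because the helper executes the script as root, a file that was already world-writable should have its contents reviewed before the mode is tightened; fixing permissions does not undo an earlier modification.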

Generated by OpenCVE AI on March 18, 2026 at 17:20 UTC.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 09:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Arturia; Arturia software Center
Vendors & Products | | Arturia; Arturia software Center

Wed, 18 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 18 Mar 2026 15:45:00 +0000

Type | Values Removed | Values Added
Description | | When a plugin is installed using the Arturia Software Center (macOS), it also installs an uninstall.sh bash script in a root-owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center, the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker, this scenario will lead to privilege escalation.
Title | | World-writable uninstall script executed as root in Arturia Software Center
Weaknesses | | CWE-276
References | |

MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published:

Updated: 2026-03-18T15:52:07.784Z

Reserved: 2026-01-21T11:29:19.853Z

Link: CVE-2026-24063

Vulnrichment

Updated: 2026-03-18T15:50:44.234Z

NVD

Status: Awaiting Analysis

Published: 2026-03-18T16:16:26.527

Modified: 2026-03-19T13:25:00.570

Link: CVE-2026-24063

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:58:34Z