Description
Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root.
Published: 2026-02-12
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation to root
Action: Immediate Patch
AI Analysis

Impact

Intego Log Reporter contains a time‑of‑check to time‑of‑use race condition that allows a local unprivileged user to create a symlink and cause a root‑executed diagnostic script to write to privileged system locations, resulting in arbitrary file writes and privilege escalation to root.

Affected Systems

The vulnerability affects Intego Log Reporter installed on macOS as part of Intego security products; no specific version information is provided.

Risk and Exploitability

The vulnerability carries a high CVSS score of 8.5 and an EPSS score of less than 1%, indicating a severe flaw but a low probability of exploitation in the wild; it is not listed in the CISA KEV catalog. Exploitation requires a local user to manipulate the /tmp directory while the root‑executed diagnostic script performs file operations, exploiting the TOCTOU race to overwrite privileged files.

Generated by OpenCVE AI on April 16, 2026 at 06:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Intego Log Reporter update that resolves the insecure temporary file handling and ensures root‑only access to /tmp operations.
  • Configure macOS to block non‑root users from creating symlinks in /tmp by applying appropriate permissions or ACLs, such as setting the sticky bit and restricting write access.
  • As a temporary workaround, disable or remove the root‑executed diagnostic script or set Log Reporter to read‑only mode until the vendor releases a fix.

Generated by OpenCVE AI on April 16, 2026 at 06:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Intego
Intego log Reporter
Vendors & Products Intego
Intego log Reporter

Fri, 13 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Description Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root.
Title Intego Log Reporter TOCTOU Local Privilege Escalation
Weaknesses CWE-367
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Intego Log Reporter
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T15:44:16.165Z

Reserved: 2026-02-11T20:08:07.945Z

Link: CVE-2026-26224

cve-icon Vulnrichment

Updated: 2026-02-13T15:43:51.639Z

cve-icon NVD

Status : Deferred

Published: 2026-02-12T22:16:07.320

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-26224

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T07:00:10Z

Weaknesses