CVE-2026-24068HIGH 8.8EPSS p35.6%

CVE-2026-24068CVE-2026-24068

Description

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can connect to this service using the configured protocol. A malicious process is able to call all the functions defined in the corresponding HelperToolProtocol. No validation is performed in the functions "writeReceiptFile" and “runUninstaller” of the HelperToolProtocol. This allows an attacker to write files to any location with any data as well as execute any file with any arguments. Any process can call these functions because of the missing XPC client validation described before. The abuse of the missing endpoint validation leads to privilege escalation.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.45% probability of exploitation · percentile 35.6% · 2026-06-19T12:03:05Z
Published2026-03-26
Last modified2026-05-19

Underlying weaknesses· 1

CWE-306

References

  1. https://r.sec-consult.com/vsl
  2. http://seclists.org/fulldisclosure/2026/Apr/3

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-24066
CVE
CVE-2025-0324
CVE
CVE-2026-24070
CVE
CVE-2026-24065
CVE
CVE-2026-21255
CVE
CVE-2021-21974
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.