CVE-2026-24063
World-writable uninstall script executed as root in Arturia Software Center
CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th
When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation.
| CWE | CWE-276 |
| Vendor | arturia |
| Product | software center |
| Published | Mar 18, 2026 |
| Last Updated | Mar 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for arturia software center
Be the first to know when new high vulnerabilities affecting arturia software center are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Arturia / Software Center
2.12.0.3157
Credits
Florian Haselsteiner, SEC Consult Vulnerability Lab