PT-2026-5707 · Unknown · Buhocleaner
Oscar Uribe
·
Published
2026-02-02
·
Updated
2026-03-31
·
CVE-2026-0924
CVSS v4.0
7.3
High
| Vector | AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
BuhoCleaner version 1.15.2
Description
BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root. This is achieved through insecure functions within the XPC service.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Race Condition
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Buhocleaner