Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-24064

Summary
Assigner-SEC-VLab
Assigner Org ID-551230f0-3615-47bd-b7cc-93e92e730bbf
Published At-09 Jun, 2026 | 14:47
Updated At-10 Jun, 2026 | 14:32
Rejected At-
Credits

Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:SEC-VLab
Assigner Org ID:551230f0-3615-47bd-b7cc-93e92e730bbf
Published At:09 Jun, 2026 | 14:47
Updated At:10 Jun, 2026 | 14:32
Rejected At:
▼CVE Numbering Authority (CNA)
Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.

Affected Products
Vendor
Waves Audio Ltd.
Product
Waves Central
Platforms
  • MacOS
Default Status
unaffected
Versions
Affected
  • From 13.0.9 through 16.5.5 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-426CWE-426 Untrusted Search Path
Type: CWE
CWE ID: CWE-426
Description: CWE-426 Untrusted Search Path
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-640CAPEC-640 Inclusion of Code in Existing Process
CAPEC ID: CAPEC-640
Description: CAPEC-640 Inclusion of Code in Existing Process
Solutions

The issue is fixed in version 16.6.2 or higher which can be downloaded at the vendor's download page at https://www.waves.com/downloads/central

Configurations
Workarounds
Exploits
Credits
finder
Florian Haselsteiner, SEC Consult Vulnerability Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/waves
third-party-advisory
Hyperlink: https://r.sec-consult.com/waves
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/waves
exploit
Hyperlink: https://r.sec-consult.com/waves
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:551230f0-3615-47bd-b7cc-93e92e730bbf
Published At:09 Jun, 2026 | 16:16
Updated At:10 Jun, 2026 | 15:16

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-426Secondary551230f0-3615-47bd-b7cc-93e92e730bbf
CWE ID: CWE-426
Type: Secondary
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://r.sec-consult.com/waves551230f0-3615-47bd-b7cc-93e92e730bbf
N/A
https://r.sec-consult.com/waves134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://r.sec-consult.com/waves
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Resource: N/A
Hyperlink: https://r.sec-consult.com/waves
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

66Records found
CVE-2023-41840
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 27.20%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:04
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlientFortiClientWindows
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-41766
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.80% / 74.58%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-11660
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.8||HIGH
EPSS-34.22% / 97.10%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 17:21
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.

Action-Not Available
Vendor-n/aMicro Focus International Limited
Product-data_protectorData Protector
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-36538
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.4||HIGH
EPSS-0.05% / 14.88%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:12
Updated-23 Oct, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsZoom Rooms for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-36536
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 20.31%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:06
Updated-07 Nov, 2024 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsZoom Rooms for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-34145
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.23%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 21:57
Updated-05 Dec, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex Onetrend_micro_apex_one
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-34119
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 18.40%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:05
Updated-07 Nov, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsZoom Rooms for Windows
CWE ID-CWE-426
Untrusted Search Path
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-34144
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.23%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 21:57
Updated-05 Dec, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex Onetrend_micro_apex_one
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-38060
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.94%
||
7 Day CHG~0.00%
Published-21 Dec, 2022 | 23:14
Updated-07 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.

Action-Not Available
Vendor-OpenStack
Product-kollaOpenStack
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-31253
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.86%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 13:50
Updated-01 May, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
openldap2: /usr/lib/openldap/start allows ldap user/group to recursively chown arbitrary directory trees to itself

A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.

Action-Not Available
Vendor-openSUSE
Product-openldap2Factory
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-29583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 20.13%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others.

Action-Not Available
Vendor-service_projectn/aMicrosoft Corporation
Product-windowsservicen/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-22047
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.20% / 79.37%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-30 Oct, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-08-02||Apply updates per vendor instructions.
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2012windows_10_21h2windows_10_1809windows_server_2022windows_rt_8.1windows_8.1windows_10_1507windows_server_2008windows_10_21h1windows_10_20h2windows_10_1607windows_server_20h2windows_server_2019windows_11_21h2windows_server_2016Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 7Windows 10 Version 21H1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 7 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 20H2Windows Server 2008 R2 Service Pack 1Windows Server 2016Windows Server version 20H2Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2025-0145
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.09% / 25.39%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 19:45
Updated-20 Aug, 2025 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Untrusted Search Path

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-rooms_controllerroomsworkplace_virtual_desktop_infrastructureworkplace_desktopvideo_software_development_kitmeeting_software_development_kitZoom Workplace Apps for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-36666
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.33%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 15:06
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.

Action-Not Available
Vendor-druvan/a
Product-insync_clientn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-22410
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.3||LOW
EPSS-0.05% / 14.88%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 20:22
Updated-13 Nov, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binary Planting Attack on Windows Platforms in Creditcoin

Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don’t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental.

Action-Not Available
Vendor-gluwagluwaMicrosoft Corporation
Product-windowscreditcoincreditcoin
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-26738
Matching Score-4
Assigner-Zscaler, Inc.
ShareView Details
Matching Score-4
Assigner-Zscaler, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.66%
||
7 Day CHG~0.00%
Published-23 Oct, 2023 | 13:24
Updated-27 Feb, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation for ZCC macOS via PATH Variable

Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.

Action-Not Available
Vendor-Zscaler, Inc.
Product-client_connectorClient Connector
CWE ID-CWE-426
Untrusted Search Path
  • Previous
  • 1
  • 2
  • Next
Details not found