ByteOS Network

NVD Vulnerability Details :

CVE-2026-24064

Deferred

Source-551230f0-3615-47bd-b7cc-93e92e730bbf

Published At-09 Jun, 2026 | 16:16

Updated At-10 Jun, 2026 | 15:16

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-426	Secondary	551230f0-3615-47bd-b7cc-93e92e730bbf

CWE ID: CWE-426

Type: Secondary

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

References

Hyperlink	Source	Resource
https://r.sec-consult.com/waves	551230f0-3615-47bd-b7cc-93e92e730bbf	N/A
https://r.sec-consult.com/waves	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A

Hyperlink: https://r.sec-consult.com/waves

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

Resource: N/A

Hyperlink: https://r.sec-consult.com/waves

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History