CVE-2026-2638
A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to le...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CWE
- CWE-367
Description
A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-24067 — Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes ... (8.4 HIGH)
- CVE-2026-49958 — Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard functi... (5.0 MEDIUM)
- CVE-2026-45647 — Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges ... (5.5 MEDIUM)
- CVE-2026-45487 — Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate pri... (7.8 HIGH)
- CVE-2026-24065 — Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service (8.1 HIGH)