Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.2
CVE-2026-24063: Arturia Software Center installs vulnerable uninstall script on MacOS
CVE-2026-24063
Summary
When installing plugins, Arturia Software Center leaves a script on your Mac that can be edited by anyone. If an attacker changes this script, they could gain elevated access to your Mac. To avoid this, do not install plugins from untrusted sources, and consider reinstalling plugins using a more secure method.
Original title
When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777...
Original description
When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation.
nvd CVSS3.1
8.2
Vulnerability type
CWE-276
Incorrect Default Permissions
Published: 18 Mar 2026 · Updated: 15 Jun 2026 · First seen: 18 Mar 2026