{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26224", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-11T20:08:07.945Z", "datePublished": "2026-02-12T21:58:19.803Z", "dateUpdated": "2026-05-14T02:09:41.848Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["MacOS"], "product": "Log Reporter", "vendor": "Intego", "versions": [{"lessThanOrEqual": "10.9.*", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mathieu Farrell of Quarkslab"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root."}], "value": "Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:09:41.848Z"}, "references": [{"tags": ["technical-description", "exploit"], "url": "https://blog.quarkslab.com/intego_lpe_macos_1.html"}, {"tags": ["product"], "url": "https://www.intego.com/"}, {"tags": ["product"], "url": "https://blog.quarkslab.com/resources/2026-02-10_intego_1/40945709530779-How-to-Use-the-Intego-Log-Reporter.pdf"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/intego-log-reporter-toctou-local-privilege-escalation"}], "source": {"discovery": "UNKNOWN"}, "title": "Intego Log Reporter TOCTOU Local Privilege Escalation", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-13T15:43:47.529813Z", "id": "CVE-2026-26224", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T15:43:54.936Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26224", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-13T15:43:47.529813Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T15:43:51.639Z"}}], "cna": {"title": "Intego Log Reporter TOCTOU Local Privilege Escalation", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Mathieu Farrell of Quarkslab"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Intego", "product": "Log Reporter", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.9.*"}], "platforms": ["MacOS"], "defaultStatus": "unknown"}], "references": [{"url": "https://blog.quarkslab.com/intego_lpe_macos_1.html", "tags": ["technical-description", "exploit"]}, {"url": "https://www.intego.com/", "tags": ["product"]}, {"url": "https://blog.quarkslab.com/resources/2026-02-10_intego_1/40945709530779-How-to-Use-the-Intego-Log-Reporter.pdf", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/intego-log-reporter-toctou-local-privilege-escalation", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root.", "supportingMedia": [{"type": "text/html", "value": "Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:09:41.848Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26224", "state": "PUBLISHED", "dateUpdated": "2026-05-14T02:09:41.848Z", "dateReserved": "2026-02-11T20:08:07.945Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-02-12T21:58:19.803Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root."}, {"lang": "es", "value": "Intego Log Reporter, una utilidad de diagn\u00f3stico de macOS incluida con los productos de seguridad de Intego que recopila registros del sistema y de aplicaciones para an\u00e1lisis de soporte, contiene una vulnerabilidad de escalada de privilegios local. Un script de diagn\u00f3stico ejecutado como root crea y escribe archivos en /tmp sin aplicar un manejo seguro del directorio, introduciendo una condici\u00f3n de carrera de tiempo de verificaci\u00f3n a tiempo de uso (TOCTOU). Un usuario local sin privilegios puede explotar una condici\u00f3n de carrera basada en symlink para causar escrituras de archivos arbitrarias en ubicaciones privilegiadas del sistema, lo que resulta en una escalada de privilegios a root."}], "id": "CVE-2026-26224", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-02-12T22:16:07.320", "references": [{"source": "disclosure@vulncheck.com", "url": "https://blog.quarkslab.com/intego_lpe_macos_1.html"}, {"source": "disclosure@vulncheck.com", "url": "https://blog.quarkslab.com/resources/2026-02-10_intego_1/40945709530779-How-to-Use-the-Intego-Log-Reporter.pdf"}, {"source": "disclosure@vulncheck.com", "url": "https://www.intego.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/intego-log-reporter-toctou-local-privilege-escalation"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["macos"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.9.x]"}}], "product": "log_reporter", "vendor": "intego"}], "analysis": {"en": {"generated_at": "2026-04-16T06:51:52.726749+00:00", "value": {"mitigation_remediation": ["Install the latest Intego Log Reporter update that resolves the insecure temporary file handling and ensures root\u2011only access to /tmp operations.", "Configure macOS to block non\u2011root users from creating symlinks in /tmp by applying appropriate permissions or ACLs, such as setting the sticky bit and restricting write access.", "As a temporary workaround, disable or remove the root\u2011executed diagnostic script or set Log Reporter to read\u2011only mode until the vendor releases a fix."], "summary": {"action": "Immediate Patch", "impact": "Local Privilege Escalation to root"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Intego Log Reporter installed on macOS as part of Intego security products; no specific version information is provided.", "description_and_impact": "Intego Log Reporter contains a time\u2011of\u2011check to time\u2011of\u2011use race condition that allows a local unprivileged user to create a symlink and cause a root\u2011executed diagnostic script to write to privileged system locations, resulting in arbitrary file writes and privilege escalation to root.", "risk_and_exploitability": "The vulnerability carries a high CVSS score of 8.5 and an EPSS score of less than 1%, indicating a severe flaw but a low probability of exploitation in the wild; it is not listed in the CISA KEV catalog. Exploitation requires a local user to manipulate the /tmp directory while the root\u2011executed diagnostic script performs file operations, exploiting the TOCTOU race to overwrite privileged files."}}}}, "created": "2026-02-13T21:29:16.057386+00:00", "updated": "2026-04-16T07:00:10.983472+00:00", "vendors": ["intego", "intego$PRODUCT$log_reporter"]}