{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26225", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-11T20:08:07.945Z", "datePublished": "2026-02-12T21:57:54.796Z", "dateUpdated": "2026-05-12T01:46:26.271Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["MacOS"], "product": "Personal Backup", "vendor": "Intego", "versions": [{"lessThanOrEqual": "10.9.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mathieu Farrell of Quarkslab"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileges. By crafting a malicious serialized task file, a local attacker can trigger arbitrary file writes to sensitive system locations, leading to privilege escalation to root."}], "value": "Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileges. By crafting a malicious serialized task file, a local attacker can trigger arbitrary file writes to sensitive system locations, leading to privilege escalation to root."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-12T01:46:26.271Z"}, "references": [{"tags": ["technical-description", "exploit"], "url": "https://blog.quarkslab.com/intego_lpe_macos_1.html"}, {"tags": ["product"], "url": "https://www.intego.com/"}, {"tags": ["product"], "url": "https://www.intego.com/bootable-mac-backups"}, {"tags": ["release-notes"], "url": "https://integosupport.zendesk.com/hc/en-us/articles/40945636077467-Personal-Backup-X9-Release-Notes"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/intego-personal-backup-task-file-privilege-escalation"}], "source": {"discovery": "UNKNOWN"}, "title": "Intego Personal Backup Task File Privilege Escalation", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-13T15:48:22.313649Z", "id": "CVE-2026-26225", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T15:48:31.265Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26225", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-13T15:48:22.313649Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T15:48:26.238Z"}}], "cna": {"title": "Intego Personal Backup Task File Privilege Escalation", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Mathieu Farrell of Quarkslab"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Intego", "product": "Personal Backup", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "10.9.0"}], "platforms": ["MacOS"], "defaultStatus": "unknown"}], "references": [{"url": "https://blog.quarkslab.com/intego_lpe_macos_1.html", "tags": ["technical-description", "exploit"]}, {"url": "https://www.intego.com/", "tags": ["product"]}, {"url": "https://www.intego.com/bootable-mac-backups", "tags": ["product"]}, {"url": "https://integosupport.zendesk.com/hc/en-us/articles/40945636077467-Personal-Backup-X9-Release-Notes", "tags": ["release-notes"]}, {"url": "https://www.vulncheck.com/advisories/intego-personal-backup-task-file-privilege-escalation", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileges. By crafting a malicious serialized task file, a local attacker can trigger arbitrary file writes to sensitive system locations, leading to privilege escalation to root.", "supportingMedia": [{"type": "text/html", "value": "Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileges. By crafting a malicious serialized task file, a local attacker can trigger arbitrary file writes to sensitive system locations, leading to privilege escalation to root.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-12T01:46:26.271Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26225", "state": "PUBLISHED", "dateUpdated": "2026-05-12T01:46:26.271Z", "dateReserved": "2026-02-11T20:08:07.945Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-02-12T21:57:54.796Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileges. By crafting a malicious serialized task file, a local attacker can trigger arbitrary file writes to sensitive system locations, leading to privilege escalation to root."}, {"lang": "es", "value": "Intego Personal Backup, una utilidad de copia de seguridad de macOS que permite a los usuarios crear copias de seguridad programadas y clones de sistema arrancables, contiene una vulnerabilidad de escalada de privilegios local. Las definiciones de tareas de copia de seguridad se almacenan en una ubicaci\u00f3n escribible por usuarios no privilegiados mientras se procesan con privilegios elevados. Al crear un archivo de tarea serializado malicioso, un atacante local puede desencadenar escrituras de archivos arbitrarias en ubicaciones sensibles del sistema, lo que lleva a la escalada de privilegios a root."}], "id": "CVE-2026-26225", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-02-12T22:16:07.477", "references": [{"source": "disclosure@vulncheck.com", "url": "https://blog.quarkslab.com/intego_lpe_macos_1.html"}, {"source": "disclosure@vulncheck.com", "url": "https://integosupport.zendesk.com/hc/en-us/articles/40945636077467-Personal-Backup-X9-Release-Notes"}, {"source": "disclosure@vulncheck.com", "url": "https://www.intego.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.intego.com/bootable-mac-backups"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/intego-personal-backup-task-file-privilege-escalation"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["macos"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.9.x]"}}], "product": "personal_backup", "vendor": "intego"}], "analysis": {"en": {"generated_at": "2026-04-16T06:52:15.444354+00:00", "value": {"mitigation_remediation": ["Restrict the permissions of the directory where backup task definitions are stored so that only privileged users can write to it.", "Disable or delete any unneeded or unused backup tasks that allow privileged execution of user\u2011supplied tasks.", "Regularly monitor the task definition directory for unexpected changes and investigate promptly.", "Apply any vendor\u2011issued update to Intego Personal Backup that addresses the privilege escalation when it becomes available."], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Intego Personal Backup application; specific version details are not disclosed in the available data. The issue is relevant to any installations that utilize the backup task feature on macOS.", "description_and_impact": "Intego Personal Backup, a macOS backup utility, contains a local privilege escalation flaw. Backup task definitions are stored in a directory writable by non\u2011privileged users, while the system processes those files with elevated privileges. A local attacker who can create or modify a serialized task file can induce the backup engine to write arbitrary files to critical system locations, thereby gaining root access. The weakness stems from improper validation or sanitization of user supplied data (CWE\u201159).", "risk_and_exploitability": "The CVSS score of 8.5 indicates high severity, while the EPSS score of less than 1% suggests a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local user access and the ability to create or alter backup task files in the writable directory, after which the backup engine\u2014running as root\u2014processes the malicious file and performs arbitrary file writes."}}}}, "created": "2026-02-13T21:29:16.798377+00:00", "updated": "2026-04-16T07:00:10.984171+00:00", "vendors": ["intego", "intego$PRODUCT$personal_backup"]}