Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Slate Digital Connect by Slate Digital LLC

    CVE-2026-24067 (GCVE-0-2026-24067)

    Vulnerability from nvd – Published: 2026-06-10 11:49 – Updated: 2026-06-10 14:24
    VLAI
    Title
    Slate Digital Connect macOS XPC PID validation privilege escalation
    Summary
    Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and using it to retrieve code-signing information for the process. This PID-based client validation is subject to a time-of-check time-of-use race condition because process identifiers can be reused. A local attacker can exploit PID reuse so that validation is performed against a trusted process instead of the original connecting process. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check time-of-use (TOCTOU) race condition
    Assigner
    References
    Impacted products
    Credits
    Florian Haselsteiner, SEC Consult Vulnerability Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24067",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T14:22:43.985081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T14:24:17.900Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-in-slate-digital-connect/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "MacOS"
              ],
              "product": "Slate Digital Connect",
              "vendor": "Slate Digital LLC",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.37.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Florian Haselsteiner, SEC Consult Vulnerability Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client\u0027s process identifier and using it to retrieve code-signing information for the process. This PID-based client validation is subject to a time-of-check time-of-use race condition because process identifiers can be reused. A local attacker can exploit PID reuse so that validation is performed against a trusted process instead of the original connecting process. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation."
                }
              ],
              "value": "Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client\u0027s process identifier and using it to retrieve code-signing information for the process. This PID-based client validation is subject to a time-of-check time-of-use race condition because process identifiers can be reused. A local attacker can exploit PID reuse so that validation is performed against a trusted process instead of the original connecting process. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-29",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check time-of-use (TOCTOU) race condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T11:49:10.839Z",
            "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
            "shortName": "SEC-VLab"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://r.sec-consult.com/slate"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vendor did not respond to the disclosure attempts, and no fixed version was available at the time of publication."
                }
              ],
              "value": "The vendor did not respond to the disclosure attempts, and no fixed version was available at the time of publication."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Slate Digital Connect macOS XPC PID validation privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "assignerShortName": "SEC-VLab",
        "cveId": "CVE-2026-24067",
        "datePublished": "2026-06-10T11:49:10.839Z",
        "dateReserved": "2026-01-21T11:29:19.853Z",
        "dateUpdated": "2026-06-10T14:24:17.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24066 (GCVE-0-2026-24066)

    Vulnerability from nvd – Published: 2026-06-10 11:43 – Updated: 2026-06-10 14:27
    VLAI
    Title
    Slate Digital Connect macOS XPC certificate validation privilege escalation
    Summary
    Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client's signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the expected organizational unit value and connect to the privileged XPC service. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-296 - Improper following of a certificate's chain of trust
    Assigner
    References
    Impacted products
    Credits
    Florian Haselsteiner, SEC Consult Vulnerability Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24066",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T14:26:16.333358Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T14:27:50.169Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-in-slate-digital-connect/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "MacOS"
              ],
              "product": "Slate Digital Connect",
              "vendor": "Slate Digital LLC",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.37.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Florian Haselsteiner, SEC Consult Vulnerability Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client\u0027s signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the expected organizational unit value and connect to the privileged XPC service. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation."
                }
              ],
              "value": "Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client\u0027s signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the expected organizational unit value and connect to the privileged XPC service. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-473",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-473 Signature Spoof"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-296",
                  "description": "CWE-296 Improper following of a certificate\u0027s chain of trust",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T11:43:53.830Z",
            "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
            "shortName": "SEC-VLab"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://r.sec-consult.com/slate"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vendor did not respond to the disclosure attempts, and no fixed version was available at the time of publication."
                }
              ],
              "value": "The vendor did not respond to the disclosure attempts, and no fixed version was available at the time of publication."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Slate Digital Connect macOS XPC certificate validation privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "assignerShortName": "SEC-VLab",
        "cveId": "CVE-2026-24066",
        "datePublished": "2026-06-10T11:43:53.830Z",
        "dateReserved": "2026-01-21T11:29:19.853Z",
        "dateUpdated": "2026-06-10T14:27:50.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24067 (GCVE-0-2026-24067)

    Vulnerability from cvelistv5 – Published: 2026-06-10 11:49 – Updated: 2026-06-10 14:24
    VLAI
    Title
    Slate Digital Connect macOS XPC PID validation privilege escalation
    Summary
    Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and using it to retrieve code-signing information for the process. This PID-based client validation is subject to a time-of-check time-of-use race condition because process identifiers can be reused. A local attacker can exploit PID reuse so that validation is performed against a trusted process instead of the original connecting process. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check time-of-use (TOCTOU) race condition
    Assigner
    References
    Impacted products
    Credits
    Florian Haselsteiner, SEC Consult Vulnerability Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24067",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T14:22:43.985081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T14:24:17.900Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-in-slate-digital-connect/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "MacOS"
              ],
              "product": "Slate Digital Connect",
              "vendor": "Slate Digital LLC",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.37.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Florian Haselsteiner, SEC Consult Vulnerability Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client\u0027s process identifier and using it to retrieve code-signing information for the process. This PID-based client validation is subject to a time-of-check time-of-use race condition because process identifiers can be reused. A local attacker can exploit PID reuse so that validation is performed against a trusted process instead of the original connecting process. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation."
                }
              ],
              "value": "Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client\u0027s process identifier and using it to retrieve code-signing information for the process. This PID-based client validation is subject to a time-of-check time-of-use race condition because process identifiers can be reused. A local attacker can exploit PID reuse so that validation is performed against a trusted process instead of the original connecting process. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-29",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check time-of-use (TOCTOU) race condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T11:49:10.839Z",
            "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
            "shortName": "SEC-VLab"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://r.sec-consult.com/slate"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vendor did not respond to the disclosure attempts, and no fixed version was available at the time of publication."
                }
              ],
              "value": "The vendor did not respond to the disclosure attempts, and no fixed version was available at the time of publication."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Slate Digital Connect macOS XPC PID validation privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "assignerShortName": "SEC-VLab",
        "cveId": "CVE-2026-24067",
        "datePublished": "2026-06-10T11:49:10.839Z",
        "dateReserved": "2026-01-21T11:29:19.853Z",
        "dateUpdated": "2026-06-10T14:24:17.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24066 (GCVE-0-2026-24066)

    Vulnerability from cvelistv5 – Published: 2026-06-10 11:43 – Updated: 2026-06-10 14:27
    VLAI
    Title
    Slate Digital Connect macOS XPC certificate validation privilege escalation
    Summary
    Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client's signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the expected organizational unit value and connect to the privileged XPC service. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-296 - Improper following of a certificate's chain of trust
    Assigner
    References
    Impacted products
    Credits
    Florian Haselsteiner, SEC Consult Vulnerability Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24066",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T14:26:16.333358Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T14:27:50.169Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-in-slate-digital-connect/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "MacOS"
              ],
              "product": "Slate Digital Connect",
              "vendor": "Slate Digital LLC",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.37.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Florian Haselsteiner, SEC Consult Vulnerability Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client\u0027s signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the expected organizational unit value and connect to the privileged XPC service. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation."
                }
              ],
              "value": "Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client\u0027s signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the expected organizational unit value and connect to the privileged XPC service. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-473",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-473 Signature Spoof"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-296",
                  "description": "CWE-296 Improper following of a certificate\u0027s chain of trust",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T11:43:53.830Z",
            "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
            "shortName": "SEC-VLab"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://r.sec-consult.com/slate"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vendor did not respond to the disclosure attempts, and no fixed version was available at the time of publication."
                }
              ],
              "value": "The vendor did not respond to the disclosure attempts, and no fixed version was available at the time of publication."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Slate Digital Connect macOS XPC certificate validation privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "assignerShortName": "SEC-VLab",
        "cveId": "CVE-2026-24066",
        "datePublished": "2026-06-10T11:43:53.830Z",
        "dateReserved": "2026-01-21T11:29:19.853Z",
        "dateUpdated": "2026-06-10T14:27:50.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }