CVE-2026-0924 | THREATINT

Description

BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2.

PUBLISHED Reserved 2026-01-13 | Published 2026-02-02 | Updated 2026-02-03 | Assigner Fluid Attacks

HIGH: 7.3CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Product status

Default status

unaffected

1.15.2

affected

Credits

Oscar Uribe finder

References

fluidattacks.com/advisories/solstafir third-party-advisory

www.drbuho.com/buhocleaner product

www.drbuho.com/buhocleaner/download patch

cve.org (CVE-2026-0924)

nvd.nist.gov (CVE-2026-0924)

Download JSON