Intego Log Reporter TOCTOU Local Privilege Escalation

Advisories

Intego Log Reporter TOCTOU Local Privilege Escalation

severity: high
date: 2/12/2026
Affecting: Log Reporter <= 10.9.x
CVE: CVE-2026-26224
CWE: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
CVSS: 8.5
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: Quarkslab Researcher Blog and PoC
Intego Vendor Homepage
Intego Log Reporter Documentation
Credit: Mathieu Farrell of Quarkslab
Description: Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo