CVE-2026-24064 - Vulnerability Details - OpenCVE

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://r.sec-consult.com/waves

History

Tue, 09 Jun 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.
Title		Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS
Weaknesses		CWE-426
References		https://r.sec-consult.com/waves

MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published: 2026-06-09T14:47:16.296Z

Updated: 2026-06-09T14:47:16.296Z

Reserved: 2026-01-21T11:29:19.853Z

Link: CVE-2026-24064

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-09T16:16:39.350

Modified: 2026-06-09T16:16:39.350

Link: CVE-2026-24064

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T16:30:08Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24064", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2026-01-21T11:29:19.853Z", "datePublished": "2026-06-09T14:47:16.296Z", "dateUpdated": "2026-06-09T14:47:16.296Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2026-06-09T14:47:16.296Z"}, "title": "Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-640", "descriptions": [{"lang": "en", "value": "CAPEC-640 Inclusion of Code in Existing Process"}]}], "affected": [{"vendor": "Waves Audio Ltd.", "product": "Waves Central", "platforms": ["MacOS"], "versions": [{"status": "affected", "version": "13.0.9", "lessThanOrEqual": "16.5.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.<br>"}]}], "references": [{"url": "https://r.sec-consult.com/waves", "tags": ["third-party-advisory"]}], "solutions": [{"lang": "en", "value": "The issue is fixed in version 16.6.2 or higher which can be downloaded at the vendor's download page at\u00a0https://www.waves.com/downloads/central", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The issue is fixed in version 16.6.2 or higher which can be downloaded at the vendor's download page at https://www.waves.com/downloads/central"}]}], "credits": [{"lang": "en", "value": "Florian Haselsteiner, SEC Consult Vulnerability Lab", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}