CVE 8.5 HIGH

Intego Personal Backup Task File Privilege Escalation_CVE-2026-26225

February 12, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileges. By crafting a malicious serialized task file, a local attacker can trigger arbitrary file writes to sensitive system locations, leading to privilege escalation to root.

AI Analysis

Local privilege escalation vulnerability in Intego Personal Backup via malicious serialized task file

Basic Information

ID CVE-2026-26225

Source VulnCheck

Published Feb 12, 2026 at 21:57

Affected Product

Vendor Intego

Product Personal Backup

Affected Versions Intego Personal Backup 0

CWE Classification

CWE-59

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Intego

Product Personal Backup

References

{
    "lastseen": "",
    "description": "Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileges. By crafting a malicious serialized task file, a local attacker can trigger arbitrary file writes to sensitive system locations, leading to privilege escalation to root.",
    "published": "2026-02-12T21:57:54.796Z",
    "modified": "2026-02-12T21:57:54.796Z",
    "type": "cve",
    "title": "Intego Personal Backup Task File Privilege Escalation",
    "source": "VulnCheck",
    "references": "https://blog.quarkslab.com/intego_lpe_macos_1.html\nhttps://www.intego.com/\nhttps://www.intego.com/bootable-mac-backups\nhttps://integosupport.zendesk.com/hc/en-us/articles/40945636077467-Personal-Backup-X9-Release-Notes\nhttps://www.vulncheck.com/advisories/intego-personal-backup-task-file-privilege-escalation",
    "id": "CVE-2026-26225",
    "bulletinFamily": "",
    "cwe": [
        "CWE-59"
    ],
    "cvelist": null,
    "sourceData": "Intego Personal Backup 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Personal Backup",
    "version": "0",
    "vendor": "Intego",
    "ai_description": "Local privilege escalation vulnerability in Intego Personal Backup via malicious serialized task file",
    "ai_severity": "High",
    "ai_vendor": "Intego",
    "ai_product": "Personal Backup",
    "ai_version": "0",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply