High severityNVD Advisory· Published Feb 12, 2026· Updated Apr 15, 2026

CVE-2026-26225

Description

Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileges. By crafting a malicious serialized task file, a local attacker can trigger arbitrary file writes to sensitive system locations, leading to privilege escalation to root.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.quarkslab.com/intego_lpe_macos_1.htmlnvd
integosupport.zendesk.com/hc/en-us/articles/40945636077467-Personal-Backup-X9-Release-Notesnvd
www.intego.comnvd
www.intego.com/bootable-mac-backupsnvd
www.vulncheck.com/advisories/intego-personal-backup-task-file-privilege-escalationnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000