QwikSec

Security Database

CVE

CWE

Training

CVE-2026-26225

Published: Feb 12, 2026

Modified: May 12, 2026

PUBLISHED

Description

Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileges. By crafting a malicious serialized task file, a local attacker can trigger arbitrary file writes to sensitive system locations, leading to privilege escalation to root.

Vendor	Product	Versions
Intego	Personal Backup	affected `0 - <= 10.9.0`

Weaknesses (CWE)

References

https://blog.quarkslab.com/intego_lpe_macos_1.html

technical-description

exploit

https://www.intego.com/

product

https://www.intego.com/bootable-mac-backups

product

https://integosupport.zendesk.com/hc/en-us/articles/40945636077467-Personal-Backup-X9-Release-Notes

release-notes

https://www.vulncheck.com/advisories/intego-personal-backup-task-file-privilege-escalation

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.