CVE-2026-24070 - Local Privilege Escalation via DYLIB Injection in Native Instruments Native Access

CVE ID : CVE-2026-24070 Published : Feb. 2, 2026, 1:15 p.m. | 59 minutes ago Description : During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC service of the privileged helper is only allowed if the client process is signed with the corresponding certificate and fulfills the following code signing requirement: