Canva for Mac Local Code Execution Vulnerability via TCC Permissions

Vulnerability

A vulnerability exists in the Canva for Mac desktop application distributed through the Mac App Store, in versions prior to 1.117.1. The affected versions were released without the Hardened Runtime, allowing a local threat actor with unprivileged access to execute arbitrary code that could inherit the TCC (Transparency, Consent, and Control) permissions assigned to Canva.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code with elevated permissions, potentially allowing for more significant system access or control.

Remediation

Users are advised to upgrade to the latest version of the Canva application via the Mac App Store.
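
To confirm that an installed copy is no longer affected, the following added example (not code from the advisory or from Canva) parses `codesign -dv` output for the Hardened Runtime bit (0x10000) in the CodeDirectory flags and compares the installed version with 1.117.1. The sample output, the helper names and the /Applications/Canva.app install path are assumptions.

```shell
#!/bin/sh
# Added example: audit helper, not part of the advisory or of Canva's code.
FIXED_VERSION="1.117.1"     # fixed release named in the advisory
CS_RUNTIME=$((0x10000))     # Hardened Runtime bit in the CodeDirectory flags

# Constructed samples of `codesign -dv` output; identifiers and sizes are made up.
SAMPLE_HARDENED='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20500 size=1024 flags=0x10000(runtime) hashes=21+7 location=embedded'
SAMPLE_UNHARDENED='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20400 size=1024 flags=0x0(none) hashes=21+7 location=embedded'

# Reads codesign output on stdin. 0 = runtime bit set, 1 = clear, 2 = no flags found.
has_hardened_runtime() {
    flags=$(sed -n '/^CodeDirectory /s/.*flags=\(0x[0-9A-Fa-f]*\).*/\1/p' | head -n 1)
    [ -n "$flags" ] || return 2
    # Test the bit rather than the "(runtime)" label so combined flags also match.
    [ $(( $flags & $CS_RUNTIME )) -ne 0 ]
}

# True when dotted numeric version $1 is lower than $2.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# $1 = installed version, stdin = codesign output. Prints AFFECTED, REVIEW or OK.
assess() {
    if has_hardened_runtime; then rt=yes; else rt=no; fi
    if version_lt "$1" "$FIXED_VERSION"; then echo "AFFECTED runtime=$rt"
    elif [ "$rt" = no ]; then echo "REVIEW runtime=no"
    else echo "OK runtime=yes"; fi
}

# Live check on macOS only; the install path is an assumption.
APP="${1:-/Applications/Canva.app}"
if command -v codesign >/dev/null 2>&1 && [ -d "$APP" ]; then
    ver=$(defaults read "$APP/Contents/Info" CFBundleShortVersionString)
    codesign -dv --verbose=4 "$APP" 2>&1 | assess "$ver"
fi
```

`codesign -d` writes its report to stderr, which is why the live check redirects it with `2>&1` before parsing.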

Added: Nov 18, 2025, 1:17 AM
Updated: Nov 18, 2025, 1:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.8
exploitability: 3.3
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.