Inkscape TCC Bypass Vulnerability on macOS

Vulnerability

A vulnerability exists in the macOS version of Inkscape: the bundled Python interpreter inherits Transparency, Consent, and Control (TCC) permissions from the main application. This allows an attacker with local user access to execute arbitrary commands or scripts via the Python interpreter, using the application's TCC permissions to access files in privacy-protected folders without user prompts. Accessing resources beyond the granted TCC permissions would trigger a user approval request in the name of Inkscape, potentially masking the attacker's intent, but the vulnerability could still be exploited to access sensitive files. This issue affects all Inkscape versions prior to 1.4.3 on macOS.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user files in privacy-protected folders, bypassing normal TCC permission prompts.

Remediation

Users can update to Inkscape version 1.4.3 or later to address this vulnerability.
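
To confirm that no affected copy remains on a Mac, the following added example (not part of the advisory and not Inkscape project code) reads each bundle's Info.plist and compares its version against 1.4.3. It assumes bundles are named Inkscape*.app, live in /Applications or ~/Applications, and carry the release number in CFBundleShortVersionString.

```python
import os
import plistlib
import re
from pathlib import Path
from xml.parsers.expat import ExpatError

FIXED_VERSION = (1, 4, 3)  # first fixed release named in the advisory
# Assumed install locations and bundle naming; adjust for your fleet.
DEFAULT_DIRS = ["/Applications", os.path.expanduser("~/Applications")]


def parse_version(text):
    """Turn '1.4.2 (build)' into (1, 4, 2); return None if no number leads."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (len(FIXED_VERSION) - len(parts))  # '1.4' -> (1, 4, 0)
    return tuple(parts)


def check_bundle(app_path):
    """Return 'vulnerable', 'fixed' or 'unknown' for one .app bundle."""
    try:
        with open(Path(app_path) / "Contents" / "Info.plist", "rb") as fh:
            info = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return "unknown"  # missing or unparsable Info.plist: review by hand
    if not isinstance(info, dict):
        return "unknown"
    raw = info.get("CFBundleShortVersionString") or info.get("CFBundleVersion")
    version = parse_version(str(raw)) if raw else None
    if version is None:
        return "unknown"
    return "vulnerable" if version < FIXED_VERSION else "fixed"


def audit(search_dirs=DEFAULT_DIRS):
    """Check every Inkscape*.app under the given directories, stale copies too."""
    results = {}
    for directory in map(Path, search_dirs):
        if directory.is_dir():
            for app in sorted(directory.glob("Inkscape*.app")):
                results[str(app)] = check_bundle(app)
    return results


if __name__ == "__main__":
    for path, status in audit().items():
        print(f"{status:10} {path}")
```

A bundle reported as "unknown" has no readable version and should be inspected manually rather than assumed fixed.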

Added: Jan 22, 2026, 3:31 PM
Updated: Jan 22, 2026, 3:31 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 0.4
exploitability: 2.9
remediation: 7.7
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.