CVE-2020-15349

HIGH

BinaryNights ForkLift <3.4 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-15349. PoCs published by Traxes.

AI-analyzed exploit summary This repository contains a working proof-of-concept exploit for CVE-2020-15349, which leverages an unauthorized XPC connection to the Forklift helper tool on macOS to escalate privileges to root. The exploit demonstrates two methods: setting the SUID bit on a copied Python interpreter and installing a malicious LaunchAgent.

Description

BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions.

Exploits (1)

nomisec WORKING POC 10 stars
by Traxes · poc
https://github.com/Traxes/Forklift_LPE

This repository contains a working proof-of-concept exploit for CVE-2020-15349, which leverages an unauthorized XPC connection to the Forklift helper tool on macOS to escalate privileges to root. The exploit demonstrates two methods: setting the SUID bit on a copied Python interpreter and installing a malicious LaunchAgent.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Forklift 3.3.9
No auth needed
Prerequisites: Forklift 3.3.9 installed on macOS · Python interpreter copied to /tmp/python_copied
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://binarynights.com/blog/posts/forklift-3-4-security-update.html
Exploit, Third Party Advisory x_refsource_misc
https://insinuator.net/2020/11/forklift-lpe/

Scores

CVSS v3 7.8
EPSS 0.0019
EPSS Percentile 40.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
binarynights/forklift 3.0 - 3.4
Published Nov 17, 2020
Tracked Since Feb 18, 2026