CVE-2024-23742

CRITICAL

Loom < 0.196.1 - Remote Code Execution via RunAsNode and enableNodeCliInspectArguments

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-23742. PoCs published by giovannipajeu1.

AI-analyzed exploit summary: The repository lacks actual exploit code and only contains vague descriptions with images, suggesting a social engineering lure rather than a legitimate PoC. No technical details or code are provided.

Description

An issue in Loom on macOS version 0.196.1 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine.

Exploits (1)

nomisec SUSPICIOUS 1 stars
by giovannipajeu1 · poc
https://github.com/giovannipajeu1/CVE-2024-23742


Classification: Suspicious 90%
Attack Type: RCE
Complexity: Theoretical
Reliability: Theoretical
Target: Loom through 0.196.1 on macOS
No auth needed
Prerequisites: Loom application installed on macOS
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 9.8
EPSS 0.0169
EPSS Percentile 74.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-94
Status published
Products (1)
loom/loom < 0.196.1
Published Jan 28, 2024
Tracked Since Feb 18, 2026