Privilege Escalation Vulnerability in Twitch Studio by Twitch
CVE-2024-14032

8.5HIGH

Key Information:

Vendor

Twitch

Status
Twitch Studio
Vendor
CVE Published:
6 April 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2024-14032?

Twitch Studio versions up to 0.114.8 are vulnerable to a privilege escalation issue stemming from an unprotected XPC service in the application's privileged helper tool. This flaw allows local attackers to execute arbitrary code with root privileges. By exploiting the installFromPath:toPath:withReply: method, attackers can overwrite critical system files and binaries, potentially leading to full system compromise. Twitch Studio has been discontinued since May 2024, highlighting the importance of addressing this vulnerability in affected systems.

Affected Version(s)

Twitch Studio 0 <= 0.114.8

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-14032 - Proof of Concept

References

https://www.iru.com/blog/twitch-privileged-helper
technical-descriptionexploit
https://help.twitch.tv/s/topic/0TO3a000000kZfYGAU/twitch-...
product
https://help.twitch.tv/s/article/recommended-software-for...
related

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Christopher Lopez
.