Vulnerability Title: TCC Bypass vulnerability in Inkscape application for MacOS CVE ID: CVE-2025-15523 Date of Publication: 22 January 2026 Vendor: Inkscape Product: Inkscape Affected Versions: All versions before 1.4.3 (MacOS only) Vulnerability Type: Incorrect Default Permissions (CWE-276) Source of the Report: CERT Polska Description Summary Inkscape's macOS application included a Python interpreter that inherited Transparency, Consent, and Control (TCC) permissions from the main application. Local attackers could exploit this interpreter to access user files in privacy-protected folders, bypassing user prompts for TCC permissions, and potentially masking their malicious activities under Inkscape's name. The issue was addressed in Inkscape version 1.4.3. Credit The AFINET team, specifically Karol Mazurek and Hubert Decyusz, submitted the vulnerability report.