Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
Published: 2026-04-02
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation / Sandbox Escape
Action: Immediate Patch
AI Analysis

Impact

A permissions flaw allows an application to run code outside its sandbox or with elevated system permissions, potentially enabling an attacker to execute arbitrary code on the Mac. The weakness is a privilege escalation vulnerability that can lead to unauthorized access to system resources and data, and may compromise overall device integrity.

Affected Systems

The issue affects Apple macOS, specifically versions prior to macOS Sequoia 15.1. Devices running earlier Sequoia releases or other macOS versions have not applied the additional restrictions that resolve this permissions problem.

Risk and Exploitability

The CVSS score of 8.2 indicates a high severity. While the EPSS score is not provided, the vulnerability is not listed in CISA’s KEV catalog, suggesting no widespread, documented exploitation yet. The likely attack vector is local, inferred from the fact that a running application can escape its sandbox; an attacker would need to convince or compromise a user‑initiated app to exploit this weakness.

Generated by OpenCVE AI on April 2, 2026 at 21:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the macOS Sequoia 15.1 update or later to address the permissions issue.

Generated by OpenCVE AI on April 2, 2026 at 21:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/121564 cve-icon cve-icon
History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Privilege Escalation Allowing Sandbox Escape and Elevated Code Execution
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Fri, 03 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-03T03:55:50.667Z

Reserved: 2024-08-20T21:45:40.785Z

Link: CVE-2024-44250

cve-icon Vulnrichment

Updated: 2026-04-02T18:46:51.187Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-02T19:18:28.527

Modified: 2026-04-03T16:10:23.730

Link: CVE-2024-44250

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:16:52Z

Weaknesses