Description
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox.
Published: 2026-04-02
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch Now
AI Analysis

Impact

A flaw in the macOS sandbox allows a sandboxed application to create or follow a symbolic link that resolves to a location outside the directory tree it is permitted to access. By exploiting this, the application can read or modify files that should be protected, potentially executing arbitrary code or leaking sensitive data. This weakness corresponds to CWE-59, improper link resolution before file access (link following).

Affected Systems

Apple macOS releases prior to Sequoia 15.6 are impacted. The 15.6 update contains the fix, so any system running an earlier version remains vulnerable. The vulnerability is relevant to any application that operates within the standard macOS sandbox environment.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, while the EPSS score below 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The CVSS vector (AV:L, PR:L, UI:N) gives a local attack vector with low privileges and no user interaction, consistent with the description, which mentions no network-exposed path: an attacker would need to supply input to a sandboxed application or gain the ability to run code within the sandbox to exploit the symlink handling flaw.

Generated by OpenCVE AI on April 3, 2026 at 21:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Sequoia 15.6 or later to receive the official patch.
  • Verify the system update by checking the macOS version and ensuring the new sandbox behavior is in effect.
  • If an immediate update is not possible, restrict or disable sandboxed applications that may use symlinks until the patch is applied.
  • Monitor the system for unusual file access or symlink creation that bypasses sandbox boundaries.

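To carry out the first two recommended actions across a fleet, the following added shell example (not OpenCVE's or Apple's code) compares a macOS product version string against the 15.6 fix version named in this record using a dotted-component comparison. The function names `version_ge` and `sandbox_fix_status` are chosen for this example; `sw_vers -productVersion` is Apple's standard command and is only invoked when it exists on the host, so the functions can also be fed version strings collected from inventory.

```shell
#!/bin/sh
# Added example, not part of the OpenCVE record: decide whether a given macOS
# version already carries the fix for CVE-2025-43257 (fixed in Sequoia 15.6).
FIXED_VERSION="15.6"

# version_ge A B: exit 0 if dotted version A >= B, else 1.
# Missing trailing components count as 0, so 15.6 and 15.6.0 compare equal.
version_ge() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah="${a%%.*}"; bh="${b%%.*}"          # leading component of each
    [ "$a" = "$ah" ] && a="" || a="${a#*.}"  # drop it from the remainder
    [ "$b" = "$bh" ] && b="" || b="${b#*.}"
    ah="${ah:-0}"; bh="${bh:-0}"
    if [ "$ah" -gt "$bh" ]; then return 0; fi
    if [ "$ah" -lt "$bh" ]; then return 1; fi
  done
  return 0
}

# sandbox_fix_status VERSION: prints "patched" or "vulnerable" for this CVE.
sandbox_fix_status() {
  if version_ge "$1" "$FIXED_VERSION"; then
    echo patched
  else
    echo vulnerable
  fi
}

# On a Mac, read the live product version; elsewhere (or in inventory
# scripts) call sandbox_fix_status with a version string instead.
if command -v sw_vers >/dev/null 2>&1; then
  v="$(sw_vers -productVersion)"
  echo "macOS $v: $(sandbox_fix_status "$v") (fix shipped in $FIXED_VERSION)"
fi
```

Because the comparison is component-wise rather than lexical, 15.10 would correctly rank above 15.6, and a point release such as 15.6.1 is reported as patched.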


Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type                 Values Removed    Values Added
Title                                  macOS Sandbox Escalation via Improper Symlink Handling

Fri, 03 Apr 2026 19:00:00 +0000

Type                 Values Removed    Values Added
CPEs                                   cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type                 Values Removed    Values Added
Title                                  macOS Sandbox Escalation via Improper Symlink Handling
First Time appeared                    Apple
                                       Apple macos
Vendors & Products                     Apple
                                       Apple macos

Thu, 02 Apr 2026 20:30:00 +0000

Type                 Values Removed    Values Added
Description                            This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox.
Weaknesses                             CWE-59
References
Metrics                                cvssV3_1
                                       {'score': 8.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L'}
                                       ssvc
                                       {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T19:38:15.670Z

Reserved: 2025-04-16T15:24:37.096Z

Link: CVE-2025-43257

Vulnrichment

Updated: 2026-04-02T19:36:59.555Z

NVD

Status : Analyzed

Published: 2026-04-02T19:20:15.797

Modified: 2026-04-03T17:57:19.197

Link: CVE-2025-43257

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-07T07:55:33Z

Weaknesses