Description
A logic error was addressed with improved error handling. This issue is fixed in macOS Tahoe 26.1. iCloud Private Relay may not activate when more than one user is logged in at the same time.
Published: 2025-12-12
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Privacy Breach
Action: Apply Update
AI Analysis

Impact

The vulnerability is a logic error that was addressed with improved error handling. It causes iCloud Private Relay not to activate when more than one user logs in at the same time. The flaw is identified as a CWE-843 type inconsistency. The impact is that the privacy protection normally provided by Private Relay could be bypassed, leaving traffic unfiltered and potentially exposed, effectively a denial of privacy.

Affected Systems

Affected systems include Apple macOS operating systems, specifically those versions prior to macOS Tahoe 26.1, where the iCloud Private Relay feature is present. Users who enable multiple logins on a single machine may experience the failure to activate Private Relay until the system is updated.

Risk and Exploitability

The CVSS score of 7.5 reflects a high severity, while the EPSS score of less than 1%% indicates a very low likelihood of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploitation. Attackers would need to create a scenario where multiple users are logged in concurrently, which limits the attack surface largely to local or privileged users rather than remote attackers.

Generated by OpenCVE AI on April 22, 2026 at 20:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to macOS Tahoe 26.1 or later
  • Until the update, avoid having more than one user logged in simultaneously to prevent Private Relay from activating
  • Keep an eye on Apple’s support pages for any further patches or workarounds

Generated by OpenCVE AI on April 22, 2026 at 20:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/125634 cve-icon cve-icon
History

Wed, 22 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
Title iCloud Private Relay may fail to activate when multiple users are logged in

Thu, 18 Dec 2025 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 17 Dec 2025 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-843
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Tahoe
Vendors & Products Apple
Apple macos
Apple macos Tahoe

Fri, 12 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description A logic error was addressed with improved error handling. This issue is fixed in macOS Tahoe 26.1. iCloud Private Relay may not activate when more than one user is logged in at the same time.
References

Subscriptions

Apple Macos Macos Tahoe
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:16:36.513Z

Reserved: 2025-04-16T15:27:21.194Z

Link: CVE-2025-43506

cve-icon Vulnrichment

Updated: 2025-12-16T15:23:19.261Z

cve-icon NVD

Status : Analyzed

Published: 2025-12-12T21:15:55.630

Modified: 2025-12-18T15:01:38.910

Link: CVE-2025-43506

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T20:45:27Z

Weaknesses