Description
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
Published: 2026-01-16
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive data exposure
Action: Update OS
AI Analysis

Impact

A logging issue in macOS Tahoe 26.0 allowed the disclosure of sensitive user data because log entries were not correctly redacted. The problem stems from inadequate input filtering and results in potential exposure of confidential information. The vulnerability maps to CWE‑532 (Insertion of Sensitive Information into Log File). An attacker could read logs containing personal data, violating privacy and confidentiality.

Affected Systems

Apple’s macOS Tahoe 26.0 is affected. All installations of macOS Tahoe at version 26.0 that have not been updated to 26.1 or later are vulnerable. Later releases, beginning with 26.1, contain the log redaction fix.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity, and the EPSS score of < 1% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is likely local: a malicious or compromised application running under a user’s session could read the under‑redacted logs and retrieve sensitive information. The impact is limited to the confidentiality of user data and does not involve code execution or system compromise.

Generated by OpenCVE AI on April 22, 2026 at 20:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Tahoe 26.1 or later to apply the approved log redaction fix.
  • If an immediate upgrade is not possible, block the execution of unknown or untrusted applications and limit log access permissions, especially for the affected log files.
  • Delete or secure existing log files that may contain under‑redacted user data, ensuring they are owned by root and not readable by unprivileged users.


Advisories

No advisories yet.

History

Wed, 22 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
Title | | Sensitive User Data Exposure via Improper Log Redaction

Tue, 27 Jan 2026 20:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:o:apple:macos:26.0:*:*:*:*:*:*:*

Mon, 19 Jan 2026 09:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple; Apple macos; Apple macos Tahoe
Vendors & Products | | Apple; Apple macos; Apple macos Tahoe

Fri, 16 Jan 2026 18:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-532
Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:20:43.781Z

Reserved: 2025-04-16T15:27:21.194Z

Link: CVE-2025-43508

Vulnrichment

Updated: 2026-01-16T17:50:04.979Z

NVD

Status: Analyzed

Published: 2026-01-16T18:16:07.923

Modified: 2026-01-27T20:19:37.963

Link: CVE-2025-43508

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T20:15:20Z

Weaknesses