Description
The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
Published: 2025-12-17
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

Improper handling of system caches allows an application to read protected user data. This creates a risk of confidential information being exposed to apps that should not have such access, potentially leaking personal or sensitive data. The weakness maps to information exposure, as it directly lets a process discover data stored in caches that are intended to be protected.

Affected Systems

Apple macOS environments are impacted, specifically versions of the macOS Tahoe release before the 26.2 update. The fix was introduced in macOS Tahoe 26.2, so any earlier Tahoe builds are vulnerable. No other Apple operating systems were explicitly listed as affected in the available data.

Risk and Exploitability

The CVSS score of 5 indicates a moderate severity vulnerability, while the EPSS score of less than 1% suggests a low probability of exploitation in the near term. The vulnerability is not currently documented in the CISA KEV catalog. The likely attack scenario involves a compromised or malicious application accessing the cache to retrieve protected data; no explicit remote exploit path is described, so the threat is most pronounced in local or privileged contexts.

Generated by OpenCVE AI on April 27, 2026 at 22:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to version 26.2 or later, which contains the cache handling fix.
  • Limit installation of unfamiliar applications and ensure Gatekeeper is enabled to block untrusted software from running.
  • Maintain a schedule for operating system updates so future patches are applied promptly.



Advisories

No advisories yet.

References
History

Mon, 27 Apr 2026 22:30:00 +0000

Type Values Removed Values Added
Title macOS Cache Access Allows Information Disclosure

Thu, 18 Dec 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N'}


Thu, 18 Dec 2025 20:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Thu, 18 Dec 2025 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Tahoe
Vendors & Products Apple
Apple macos
Apple macos Tahoe

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:25:20.167Z

Reserved: 2025-04-22T21:13:49.958Z

Link: CVE-2025-46278

Vulnrichment

Updated: 2025-12-18T19:09:33.765Z

NVD

Status: Modified

Published: 2025-12-17T21:16:13.247

Modified: 2025-12-18T20:15:56.120

Link: CVE-2025-46278

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T22:15:15Z

Weaknesses