Description
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.
Published: 2026-05-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds read caused by insufficient bounds checking in macOS. If triggered, it can lead to abrupt system termination, potentially crashing critical processes or the entire operating system. Based on the description, it is inferred that an attacker could trigger the fault via a malicious application; no remote or network attack vector is explicitly mentioned. The primary consequence is loss of availability rather than confidentiality or integrity.

Affected Systems

Any macOS installation smaller than version Tahoe 26 is affected. The fix is referenced as being applied in macOS Tahoe 26; earlier releases have not incorporated the necessary bounds checking.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA KEV, suggesting that active exploitation is not documented. Nonetheless, the potential to cause system termination is significant; a successful exploit would stop services and affect all users on the affected machine. Without a known public exploit, the immediate risk is moderate, but the impact remains severe. An attacker could deliver a crafted application or exploit the flaw during execution to trigger the crash.

Generated by OpenCVE AI on May 27, 2026 at 04:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the macOS Tahoe 26 update that includes the bounds‑checking fix
  • If the update cannot be applied immediately, reduce exposure by disabling or removing untrusted third‑party applications that may trigger the fault
  • Monitor Apple support channels and advisories for further mitigation guidance

Generated by OpenCVE AI on May 27, 2026 at 04:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/125110 cve-icon cve-icon
History

Wed, 27 May 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 27 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read Causing Unexpected System Termination on macOS

Wed, 27 May 2026 03:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read Leading to Unexpected System Termination in macOS
Weaknesses CWE-129

Wed, 27 May 2026 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read Leading to Unexpected System Termination in macOS
First Time appeared Apple
Apple macos
Weaknesses CWE-129
Vendors & Products Apple
Apple macos

Tue, 26 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-27T00:16:02.413Z

Reserved: 2025-04-22T21:13:49.958Z

Link: CVE-2025-46280

cve-icon Vulnrichment

Updated: 2026-05-27T00:15:51.894Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T22:16:41.423

Modified: 2026-06-17T09:26:09.387

Link: CVE-2025-46280

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T04:30:16Z

Weaknesses