Description
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox.
Published: 2025-12-17
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Sandbox escape potentially allowing an application to gain unauthorized system privileges
Action: Patch Now
AI Analysis

Impact

A logic flaw in macOS Tahoe allowed an application to break out of its sandbox. The vulnerability represents a protection mechanism failure (CWE-693) that could let a user or attacker gain escalated access to the operating system, compromising confidentiality, integrity, and availability.

Affected Systems

Apple macOS Tahoe versions earlier than 26.2 are affected. The fix was introduced in macOS Tahoe 26.2, so all installations running 26.1 or older are susceptible.

Risk and Exploitability

The vulnerability received a CVSS score of 8.4, indicating high severity, yet its EPSS score is below 1% and it is not listed in the CISA KEV catalog, implying a low probability of exploitation. The likely attack vector is an app that has already been installed or run on the vulnerable system; once executed, the logic issue could be leveraged to escape the sandbox and conduct further malicious activity.

Generated by OpenCVE AI on April 22, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the system to macOS Tahoe 26.2 or a later release that includes the fix
  • If an immediate update is not possible, disable or remove untrusted third‑party applications that could abuse the flaw
  • Enable Gatekeeper and ensure all apps are notarized and signed to reduce the chance of executing malicious code
  • Monitor system logs for sandbox failures or unexpected privilege escalations
  • Consider applying local file or network filtering to limit the impact of a potential sandbox escape

Generated by OpenCVE AI on April 22, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/125886 cve-icon cve-icon
History

Wed, 22 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Title macOS Sandbox Escape via Logic Issue

Thu, 18 Dec 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-693
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 18 Dec 2025 20:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Thu, 18 Dec 2025 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Tahoe
Vendors & Products Apple
Apple macos
Apple macos Tahoe

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox.
References

Subscriptions

Apple Macos Macos Tahoe
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:25:30.726Z

Reserved: 2025-04-22T21:13:49.958Z

Link: CVE-2025-46281

cve-icon Vulnrichment

Updated: 2025-12-18T19:08:41.677Z

cve-icon NVD

Status : Modified

Published: 2025-12-17T21:16:13.440

Modified: 2025-12-18T20:15:56.410

Link: CVE-2025-46281

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T20:30:26Z

Weaknesses