Description
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges.
Published: 2026-05-26
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in macOS allows a malicious application to gain root privileges by exploiting insufficient validation when two concurrent operations modify shared state. The vulnerability enables an attacker to execute privileged commands after the race resolves, presenting a classic privilege escalation scenario anchored in race condition weaknesses.

Affected Systems

Apple macOS is affected. The flaw exists in versions prior to macOS Sequoia 15.7 and macOS Tahoe 26; the fix is included in those releases. No specific product line beyond the OS is named, and the error originates at the system kernel level.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, yet the potential to obtain root gives it substantial theoretical impact. The CVSS score is 7, indicating high severity. Based on the description, the likely attack vector is local or requires an application capable of triggering the race; no remote exploitation has been documented. Given the severity of gaining root, the risk is high until the update is applied, though the lack of an exploit estimate makes the likelihood uncertain.

Generated by OpenCVE AI on May 27, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Sequoia 15.7 or macOS Tahoe 26 to receive the race‑condition fix
  • Reboot the system after applying the update so the kernel reloads the corrected code
  • Audit logs for unexpected privilege‑escalation activity and shadow any applications that may invoke the race until the OS update is completed

Generated by OpenCVE AI on May 27, 2026 at 01:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 27 May 2026 02:15:00 +0000

Type Values Removed Values Added
Title Race Condition Allows Privilege Escalation to Root in macOS

Wed, 27 May 2026 00:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title Race Condition Allows Privilege Escalation to Root in macOS
First Time appeared Apple
Apple macos
Weaknesses CWE-362
Vendors & Products Apple
Apple macos

Tue, 26 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-28T03:55:23.965Z

Reserved: 2025-04-22T21:13:49.958Z

Link: CVE-2025-46284

cve-icon Vulnrichment

Updated: 2026-05-27T00:11:00.682Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T22:16:41.537

Modified: 2026-06-17T09:26:09.947

Link: CVE-2025-46284

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T02:00:13Z

Weaknesses
  • CWE-362

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')