Description
The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents.
Published: 2026-01-28
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Disclosure
Action: Patch
AI Analysis

Impact

The vulnerability is a missing or insufficient bounds check in Apple’s Keynote, iOS, iPadOS, and macOS that is triggered when processing a specially crafted Keynote file. It can let an attacker read memory contents from the process handling the file, potentially exposing sensitive data such as credentials or personal information. The flaw corresponds to CWE-125, an out-of-bounds read.

Affected Systems

Affected products include Apple Keynote version 15 and earlier, iOS and iPadOS versions prior to 26, and macOS earlier than Tahoe 26. Apple has documented the issue for all four products and released fixes in the latest updates for each platform.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate risk, and the EPSS score of less than 1% indicates a low estimated probability of exploitation. The flaw is not listed in the CISA KEV catalog, implying that no known campaigns target it. An attacker would need to deliver a malicious Keynote file, likely from an untrusted source, to trigger the memory disclosure. Because the vulnerability affects confidentiality only, the overall impact is limited to potential data leakage.

Generated by OpenCVE AI on April 22, 2026 at 20:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Keynote to version 15.1 or later and install the latest iOS, iPadOS, and macOS software updates (including versions 26 and Tahoe 26) to apply the bounds‑check fix.
  • Avoid opening or executing Keynote files from untrusted or unknown sources until the updates are installed.
  • Configure macOS Gatekeeper or iOS app‑store security settings to enforce stricter document handling policies, reducing the chance that a malicious file is processed.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 20:30:00 +0000

Type: Title
Values Added: Bounds Check Failure in Keynote Allows Memory Disclosure

Wed, 25 Mar 2026 15:45:00 +0000

Type: Description
Values Removed: The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a maliciously crafted Keynote file may disclose memory contents.
Values Added: The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents.

Fri, 30 Jan 2026 17:00:00 +0000

Type: First Time appeared
Values Added: Apple ipados, Apple iphone Os

Type: CPEs
Values Added:
cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apple ipados, Apple iphone Os

Thu, 29 Jan 2026 17:15:00 +0000

Type: Weaknesses
Values Added: CWE-125

Type: Metrics
Values Added:
cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 29 Jan 2026 10:15:00 +0000

Type: First Time appeared
Values Added: Apple, Apple ios, Apple ipad Os, Apple keynote, Apple macos, Apple macos Tahoe

Type: Vendors & Products
Values Added: Apple, Apple ios, Apple ipad Os, Apple keynote, Apple macos, Apple macos Tahoe

Wed, 28 Jan 2026 17:45:00 +0000

Type: Description
Values Added: The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a maliciously crafted Keynote file may disclose memory contents.

References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:08.892Z

Reserved: 2025-04-22T21:13:49.960Z

Link: CVE-2025-46306

Vulnrichment

Updated: 2026-01-29T16:04:39.151Z

NVD

Status: Modified

Published: 2026-01-28T18:16:49.213

Modified: 2026-03-25T16:16:07.830

Link: CVE-2025-46306

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T20:15:20Z

Weaknesses