Description
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
Published: 2026-05-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logic issue was identified in macOS that may enable an application to read sensitive user data. The flaw is a flaw in internal restrictions, not a direct vulnerability such as exploit code, but it could allow privileged operations otherwise unavailable to applications. The primary impact is the potential leakage or compromise of confidential information stored on the device. The weakness underlying this issue is improper authorization checks, which would allow an app to perform actions it should not be able to perform.

Affected Systems

The affected product is Apple macOS. Versions prior to macOS Tahoe 26 are impacted. The fix has been introduced in macOS Tahoe 26, so any installations older than that version are susceptible.

Risk and Exploitability

The EPSS score remains unavailable, and the vulnerability is not listed in CISA KEV. The CVSS score of 5.5 indicates medium severity, suggesting that while the flaw is not high‑risk, it can still lead to unauthorized access to sensitive data. Because there is no publicly disclosed exploitation evidence, the exact likelihood of exploitation cannot be quantified. Nevertheless, the logic flaw could be leveraged if an attacker can install a malicious application or otherwise manipulate the restricted area; the description implies that the application could access data that should be protected.

Generated by OpenCVE AI on May 27, 2026 at 04:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to version 26 Tahoe or later, which contains the logic fixes
  • Ensure all applications are obtained from trusted sources and reviewed for malicious behavior
  • Enable and enforce App Sandbox or equivalent application isolation techniques
  • Monitor system logs for unexpected data access attempts and investigate any anomalies

Generated by OpenCVE AI on May 27, 2026 at 04:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/125110 cve-icon cve-icon
History

Wed, 27 May 2026 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 27 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Logic Issue Allowing App Access to Sensitive User Data on macOS

Wed, 27 May 2026 03:15:00 +0000

Type Values Removed Values Added
Title Logic flaw enables application to access sensitive user data
Weaknesses CWE-20
CWE-285

Wed, 27 May 2026 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Logic flaw enables application to access sensitive user data
First Time appeared Apple
Apple macos
Weaknesses CWE-20
CWE-285
Vendors & Products Apple
Apple macos

Tue, 26 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-27T00:17:54.575Z

Reserved: 2025-04-22T21:13:49.960Z

Link: CVE-2025-46307

cve-icon Vulnrichment

Updated: 2026-05-27T00:17:46.151Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T22:16:41.640

Modified: 2026-06-17T09:26:13.300

Link: CVE-2025-46307

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T04:30:16Z

Weaknesses