Description
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data.
Published: 2026-05-12
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Inconsistent user interface state management can allow an application to access sensitive user data, exposing personal information to an attacker. The vulnerability is a classic case of data exposure that could lead to privacy violations and potential misuse of personal data. This weakness aligns with CWE‑200, which highlights improper protection of data from unauthorized disclosure.

Affected Systems

The vulnerability affects Apple iOS and iPadOS devices running versions prior to iOS 18.7.3, iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. Any device running one of those earlier versions is potentially vulnerable.

Risk and Exploitability

Exploitation requires a vulnerable operating system version and an application that triggers the inconsistent UI state. Based on the description, it is inferred that the attack vector involves such an application; the vulnerability is not exploitable via external network inputs. Although no EPSS score is available and the issue is not listed in the CISA KEV catalog, the potential for unauthorized data exposure renders this issue medium‑to‑high risk. Attackers can likely trigger the vulnerability through normal app use, meaning the risk is non‑negligible even without a publicly known exploit.

Generated by OpenCVE AI on May 12, 2026 at 20:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to iOS 18.7.3 or later, or iPadOS 18.7.3 or later, to apply the security fix.
  • If an immediate OS update is unavailable, refrain from installing new applications, especially from third‑party sources, until a patched OS version is installed.
  • Stay informed by regularly reviewing Apple’s security advisories and applying any subsequent updates.

Advisories

No advisories yet.

History

Tue, 12 May 2026 23:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple ios And Ipados
Vendors & Products | | Apple ios And Ipados

Tue, 12 May 2026 21:00:00 +0000

Type | Values Removed | Values Added
Title | | App may access sensitive user data due to inconsistent UI state in iOS and iPadOS
Weaknesses | | CWE-200

Tue, 12 May 2026 20:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple, Apple ipados, Apple iphone Os
CPEs | | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products | | Apple, Apple ipados, Apple iphone Os

Tue, 12 May 2026 19:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-451
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 18:15:00 +0000

Type | Values Removed | Values Added
Description | | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T22:18:49.691Z

Reserved: 2025-04-22T21:13:49.961Z

Link: CVE-2025-46311

Vulnrichment

Updated: 2026-05-12T18:50:46.014Z

NVD

Status: Analyzed

Published: 2026-05-12T18:16:35.577

Modified: 2026-05-12T19:47:22.873

Link: CVE-2025-46311

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T23:30:26Z
