Description
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
Published: 2026-06-11
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logging flaw in macOS allowed an application to read sensitive user data from log files where redaction should have occurred. The primary impact is the disclosure of confidential information, which could be used by malicious actors to compromise user privacy or facilitate further attacks. The weakness involves improper filtering of sensitive data before it is written to logs, analogous to documented instances of data leakage in log files.

Affected Systems

Products affected are Apple macOS operating systems, specifically versions prior to macOS Tahoe 26.1. The issue was resolved in macOS Tahoe 26.1 and subsequent releases. Users running earlier releases remain vulnerable to potential data exposure.

Risk and Exploitability

The vulnerability is classified as an information exposure, giving attackers read access to sensitive data. There is no publicly reported exploitation technique, and the EPSS score is < 1%. The vulnerability is not listed in CISA’s KEV catalog. Since the flaw involves log data, any application that can read the system logs and is granted the necessary execution privileges on the affected system could exploit it. The CVSS score of 5.5 indicates a moderate level of risk, yet the potential to leak user data remains significant until patched.

Generated by OpenCVE AI on June 13, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the macOS installation to version 26.1 or later to obtain the fix that ensures proper data redaction.
  • Modify applications so that they do not log or store sensitive information in plain text, ensuring that log output is sanitized before writing.
  • Review and adjust system log permissions to restrict read access to only trusted processes, thereby limiting potential exposure.

Generated by OpenCVE AI on June 13, 2026 at 01:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Mon, 15 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Sat, 13 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Title macOS Log Redaction Failure Exposes Sensitive Data

Sat, 13 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Logging Redaction Issue Allowing Access to Sensitive User Data
Weaknesses CWE-200

Fri, 12 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-532
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Logging Redaction Issue Allowing Access to Sensitive User Data
Weaknesses CWE-200

Thu, 11 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 11 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-12T21:24:23.485Z

Reserved: 2025-04-22T21:13:49.961Z

Link: CVE-2025-46313

cve-icon Vulnrichment

Updated: 2026-06-12T21:24:19.124Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-11T19:16:34.603

Modified: 2026-06-15T14:24:49.210

Link: CVE-2025-46313

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-13T02:00:08Z

Weaknesses
  • CWE-532

    Insertion of Sensitive Information into Log File