Description
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
Published: 2026-06-11
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logging flaw in macOS allowed an application to read sensitive user data from log files where redaction should have occurred. The primary impact is the disclosure of confidential information, which could be used by malicious actors to compromise user privacy or facilitate further attacks. The weakness involves improper filtering of sensitive data before it is written to logs, analogous to documented instances of data leakage in log files.

Affected Systems

Products affected are Apple macOS operating systems, specifically versions prior to macOS Tahoe 26.1. The issue was resolved in macOS Tahoe 26.1 and subsequent releases. Users running earlier releases remain vulnerable to potential data exposure.

Risk and Exploitability

The vulnerability is classified as an information exposure, giving attackers read access to sensitive data. There is no publicly reported exploitation technique, and the EPSS score is unavailable. The vulnerability is not listed in CISA’s KEV catalog. Since the flaw involves log data, any application that can read the system logs and is granted the necessary execution privileges on the affected system could exploit it. The CVSS score is not available, but given the potential to leak user data, the risk is considered significant until patched.

Generated by OpenCVE AI on June 11, 2026 at 22:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the macOS installation to version 26.1 or later to obtain the fix that ensures proper data redaction.
  • Modify applications so that they do not log or store sensitive information in plain text, ensuring that log output is sanitized before writing.
  • Review and adjust system log permissions to restrict read access to only trusted processes, thereby limiting potential exposure.

Generated by OpenCVE AI on June 11, 2026 at 22:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/125634 cve-icon cve-icon
History

Thu, 11 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Logging Redaction Issue Allowing Access to Sensitive User Data
Weaknesses CWE-200

Thu, 11 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 11 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-11T18:47:41.403Z

Reserved: 2025-04-22T21:13:49.961Z

Link: CVE-2025-46313

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-11T19:16:34.603

Modified: 2026-06-11T20:51:53.840

Link: CVE-2025-46313

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T22:15:09Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor