Description
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to cause a denial-of-service.
Published: 2026-02-11
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

A flaw in macOS cache handling can be leveraged by an application to initiate a denial‑of‑service condition, potentially leading to system or application crashes that render the affected service unavailable. The weakness is a resource exhaustion issue where improperly managed cache data can disrupt normal operations. The impact is primarily on availability, with no explicit mention of confidentiality or integrity compromise.

Affected Systems

Apple macOS, including Sequoia, Sonoma, and Tahoe releases. Versions older than Sequoia 15.7.4, Sonoma 14.8.4, and Tahoe 26.3 are affected; subsequent updates contain the fix.

Risk and Exploitability

The CVSS v3 score of 5.5 indicates medium severity, while an EPSS score of less than 1 % signals a low probability of widespread exploitation at present. The vulnerability appears to be local, requiring the attacker to run a malicious or malformed application on the target system. Based on the description, it is inferred that the vulnerability requires a locally running application to be executed by the attacker. It is not listed in the CISA KEV catalog, further suggesting limited threat activity.

Generated by OpenCVE AI on April 16, 2026 at 06:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to a patched release such as Sequoia 15.7.4, Sonoma 14.8.4, or Tahoe 26.3 or later.
  • Install all available Apple system updates via System Settings → Software Update to ensure the cache‑handling fix is applied.
  • Reboot the system after updates to activate the new cache‑handling logic.

Generated by OpenCVE AI on April 16, 2026 at 06:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Title Cache Handling Vulnerability Leading to Denial of Service in macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to cause a denial-of-service. The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to cause a denial-of-service.

Wed, 18 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 12 Feb 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 11 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to cause a denial-of-service.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:19:59.559Z

Reserved: 2025-11-11T14:43:07.857Z

Link: CVE-2026-20602

cve-icon Vulnrichment

Updated: 2026-02-18T14:55:15.611Z

cve-icon NVD

Status : Modified

Published: 2026-02-11T23:16:04.003

Modified: 2026-04-02T19:21:08.180

Link: CVE-2026-20602

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T07:00:10Z

Weaknesses