Description
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
Published: 2026-02-11
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access
Action: Patch
AI Analysis

Impact

The vulnerability arises from improper handling of temporary files on macOS, allowing an application to read sensitive data that should have been protected or deleted. This could lead to disclosure of personal or confidential information, and the flaw is documented as CWE‑377.

Affected Systems

Apple macOS is affected in versions prior to macOS Tahoe 26.3, the release that contains the corrected temporary file handling. The issue is relevant to any user running these earlier releases.

Risk and Exploitability

The CVSS score is 5.5, indicating moderate risk. The EPSS score is below 1%, reflecting a low likelihood of exploitation, and it is not listed in the KEV catalog. The likely attack vector is local; a malicious or compromised application can exploit the flaw when creating or accessing temporary files, potentially leaking user data without requiring elevated privileges.

Generated by OpenCVE AI on April 15, 2026 at 20:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to version 26.3 (Tahoe) or later
  • Restrict application access to temporary files by enforcing sandboxing or appropriate permissions
  • Monitor and remove applications that rely on insecure temporary file usage



Advisories

No advisories yet.

History

Wed, 15 Apr 2026 21:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Temporary File Handling Allows App to Access User‑Sensitive Data in macOS Tahoe |

Wed, 18 Feb 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-377 |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 17 Feb 2026 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | NVD-CWE-noinfo |
| CPEs | | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
| Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'} |


Thu, 12 Feb 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Apple; Apple macos |
| Vendors & Products | | Apple; Apple macos |

Wed, 11 Feb 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. |
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:18:17.980Z

Reserved: 2025-11-11T14:43:07.859Z

Link: CVE-2026-20618

Vulnrichment

Updated: 2026-02-18T15:00:44.329Z

NVD

Status: Modified

Published: 2026-02-11T23:16:05.367

Modified: 2026-02-18T16:22:30.783

Link: CVE-2026-20618

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T21:00:09Z
