Description
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
Published: 2026-02-11
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to user-sensitive data
Action: Apply Update
AI Analysis

Impact

The vulnerability is a flaw in the handling of temporary files on macOS, allowing an application to read or write data that should have remained private. The issue is classified as an information exposure weakness (CWE‑922). An attacker could gain access to user‑sensitive information through a malicious or compromised app that manipulates temporary file creation or access. The impact is a breach of confidentiality, exposing data that users expect to be safeguarded.

Affected Systems

Apple’s macOS operating system, specifically versions of macOS Tahoe that precede 26.3, is affected. The flaw was addressed in the 26.3 update, so installations of 26.3 or newer are considered fixed.

Risk and Exploitability

The CVSS base score of 5.5 indicates a moderate severity. The EPSS score is very low (<1 %), meaning the likelihood of exploitation in the wild is currently minimal, and the flaw is not listed in the CISA KEV catalog. Based on the description, the vulnerable code is accessed locally by apps that run on the system, so the attack surface is limited to local or malicious applications. An attacker would need to influence temporary file creation or access controls to exploit the flaw, making real‑world exploitation unlikely at present.

Generated by OpenCVE AI on April 16, 2026 at 06:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS 26.3 or later to address the temporary file handling flaw.
  • Ensure applications store sensitive data in secure, non‑temporary locations or use sandboxed temporary directories.
  • Enable sandboxing or application protection features to restrict untrusted apps from accessing system temporary files.

Generated by OpenCVE AI on April 16, 2026 at 06:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/126348 cve-icon cve-icon
History

Thu, 16 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Title Improper Temporary File Handling Allows Sensitive Data Access in macOS Tahoe

Tue, 17 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-922
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Tue, 17 Feb 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Thu, 12 Feb 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 11 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:27:14.235Z

Reserved: 2025-11-11T14:43:07.860Z

Link: CVE-2026-20629

cve-icon Vulnrichment

Updated: 2026-02-12T15:32:45.699Z

cve-icon NVD

Status : Modified

Published: 2026-02-11T23:16:06.417

Modified: 2026-02-17T16:20:27.980

Link: CVE-2026-20629

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T07:00:10Z

Weaknesses