Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.
Published: 2026-02-11
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Protected User Data
Action: Apply Update
AI Analysis

Impact

A permissions flaw allows an application to access data that should be protected. The weakness stems from improper restriction of operations, with the app gaining access to user data it normally could not read. The consequence is a breach of confidentiality for sensitive personal information, potentially exposing private files or settings.

Affected Systems

Apple macOS versions prior to macOS Tahoe 26.3 are affected. The vulnerability was fixed in the 26.3 update, so any system running an earlier patch level is vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector involves a local or application‑level attack where a malicious or compromised app is given elevated privileges. No remote network exploitation is explicitly documented, so the risk profile centers on the presence of the vulnerable app on the system.

Generated by OpenCVE AI on April 16, 2026 at 01:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to version 26.3 or later to apply the approved permission restrictions.
  • Remove or revoke elevated privileges for any third‑party applications that may access protected data.
  • Enable System Integrity Protection or enforce sandbox profiles to limit application access to user data.

Generated by OpenCVE AI on April 16, 2026 at 01:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/126348 cve-icon cve-icon
History

Thu, 16 Apr 2026 01:30:00 +0000

Type Values Removed Values Added
Title macOS Permission Restriction Bypass Enables Unauthorized Access to Protected User Data

Thu, 12 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Thu, 12 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-277
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 11 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:10.016Z

Reserved: 2025-11-11T14:43:07.860Z

Link: CVE-2026-20630

cve-icon Vulnrichment

Updated: 2026-02-12T16:03:32.354Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-11T23:16:06.510

Modified: 2026-02-12T22:04:44.013

Link: CVE-2026-20630

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T01:15:20Z

Weaknesses