Description
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges.
Published: 2026-03-25
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

A logic issue in macOS allows a local user to perform operations with elevated privileges, effectively granting them administrative or system-level access. The flaw stems from missing validation checks, enabling an attacker to execute code or commands with higher authority than intended. If exploited, an attacker could modify system files, install persistent malware, or otherwise compromise the confidentiality, integrity, and availability of the affected machine.

Affected Systems

macOS installations that have not been updated to macOS Tahoe 26.4 remain vulnerable. Any release prior to that patch level is at risk when no newer update has been applied.

Risk and Exploitability

With a CVSS score of 8.4 the vulnerability is considered critical. An EPSS score below 1% indicates a low probability of exploitation in the near term, and the flaw is not listed in CISA’s KEV catalog. The issue appears to be local, requiring an attacker to have access to a user account on the device. Exploitation does not require external tools, making it relatively straightforward for a malicious local user.

Generated by OpenCVE AI on March 27, 2026 at 21:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to version 26.4 or later
  • Verify that the update has been successfully applied by checking the system version

Generated by OpenCVE AI on March 27, 2026 at 21:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/126794 cve-icon cve-icon
History

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Logic Error in macOS
Weaknesses CWE-269
CWE-284

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Privilege Escalation Vulnerability in macOS Tahoe due to Logic Issue
Weaknesses CWE-284

Fri, 27 Mar 2026 09:30:00 +0000

Type Values Removed Values Added
Title Privilege Escalation Vulnerability in macOS Tahoe due to Logic Issue
Weaknesses CWE-284

Thu, 26 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Privilege Escalation Logic Error in macOS Tahoe 26.4
Weaknesses CWE-269

Wed, 25 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Privilege Escalation Logic Error in macOS Tahoe 26.4
Weaknesses CWE-269

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:10:00.223Z

Reserved: 2025-11-11T14:43:07.860Z

Link: CVE-2026-20631

cve-icon Vulnrichment

Updated: 2026-03-26T13:17:57.212Z

cve-icon NVD

Status : Modified

Published: 2026-03-25T01:17:04.003

Modified: 2026-03-26T14:16:09.080

Link: CVE-2026-20631

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-29T20:28:38Z

Weaknesses