Description
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.
Published: 2026-03-25
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Access to sensitive user data
Action: Immediate Update
AI Analysis

Impact

Apple reported a privacy flaw involving improper handling of temporary files, which allows a malicious application to read data that should remain confidential. The weakness is classified as CWE‑377, reflecting inadequate protection of temporary data. If exploited, an attacker could gain unauthorized access to user information stored in these temporary locations, potentially leading to privacy leaks without affecting system integrity or availability.

Affected Systems

The vulnerability impacts macOS across all releases older than macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, and macOS Tahoe 26.3. Users running any of those older versions are at risk until they upgrade to a fixed release.

Risk and Exploitability

The CVSS score of 6.2 indicates a moderate severity, while an EPSS score below 1 % suggests low current exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves a local application that can access the temporary file system, implying that attackers need to run code on the affected device or trick users into opening a malicious app.

Generated by OpenCVE AI on March 25, 2026 at 22:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to the latest releases (macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, or macOS Tahoe 26.3) or later.

Generated by OpenCVE AI on March 25, 2026 at 22:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Privacy Vulnerability in macOS Temporary File Handling

Wed, 25 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-377
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:07:21.915Z

Reserved: 2025-11-11T14:43:07.864Z

Link: CVE-2026-20651

cve-icon Vulnrichment

Updated: 2026-03-25T19:06:29.393Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:04.743

Modified: 2026-03-25T21:32:39.113

Link: CVE-2026-20651

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:18:34Z

Weaknesses