Description
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.
Published: 2026-02-11
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

A privacy issue with log entries allowed an application to read a user's contacts because sensitive data was not properly redacted. The flaw can disclose private contact information to an application, violating user confidentiality. The weakness is classified as CWE‑200, an information disclosure weakness.

Affected Systems

Apple macOS versions earlier than macOS Tahoe 26.3 are affected. The fix was released in macOS Tahoe 26.3, so any system running an earlier release will be vulnerable.

Risk and Exploitability

The CVSS score of 3.3 indicates a low severity, and the EPSS score of less than 1% suggests a very low probability that this flaw will be exploited in the wild. It is currently not listed in the CISA KEV catalog. The likely attack vector is a local application running with user privileges that accesses the system logs, from which the application may extract unredacted contact data. No network or privilege escalation component is known from the description, so the condition for exploitation is the presence of a privileged or otherwise trusted application on the system.

Generated by OpenCVE AI on April 15, 2026 at 20:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Tahoe 26.3 or later to receive the official private‑data‑redaction fix.
  • Verify that system logs no longer contain unredacted contact information by reviewing recent log entries for sensitive fields.
  • If an immediate OS update is not possible, restrict third‑party applications from accessing contacts or enable sandboxing to minimize data exposure.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 21:15:00 +0000

Type: Title
Values Added: Log Redaction Deficiency Exposing User Contacts

Sat, 04 Apr 2026 07:30:00 +0000

Type: Metrics
Values Added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Feb 2026 20:30:00 +0000

Type: Weaknesses
Values Added: CWE-200

Thu, 12 Feb 2026 18:45:00 +0000

Type: Weaknesses
Values Added: NVD-CWE-noinfo

Type: CPEs
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Type: Metrics
Values Added: cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Thu, 12 Feb 2026 09:45:00 +0000

Type: First Time appeared
Values Added: Apple; Apple macos

Type: Vendors & Products
Values Added: Apple; Apple macos

Wed, 11 Feb 2026 23:15:00 +0000

Type: Description
Values Added: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:20:35.844Z

Reserved: 2025-11-11T14:43:07.872Z

Link: CVE-2026-20681

Vulnrichment

Updated: 2026-02-13T19:13:53.926Z

NVD

Status: Modified

Published: 2026-02-11T23:16:10.460

Modified: 2026-02-13T20:17:40.933

Link: CVE-2026-20681

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T21:00:09Z