Impact
A permission flaw in macOS permits applications lacking a proper developer signature to bypass Gatekeeper, enabling local execution of binaries that would otherwise be blocked. The weakness arises from unauthorized changes to file permissions and a failure to enforce Gatekeeper rules correctly, corresponding to CWE-284 (Access Control). Consequently, any user or malicious entity with local access can run unsigned code, undermining the operating system’s integrity safeguards.
Affected Systems
Apple macOS versions released before the 26.4 update are affected. The issue was addressed by adding restrictions in macOS Tahoe 26.4; any build older than 26.4 that has not been patched remains vulnerable.
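A fleet triage check against the 26.4 fix boundary stated above, as an added example that is not part of the original advisory. The host names and version strings in the inventory are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Fixed release taken from the advisory text: macOS Tahoe 26.4.
FIXED_VERSION="26.4"

# version_lt A B: succeed when dotted version A is older than B.
# Missing components count as 0, so "26" compares equal to "26.0".
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0} y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# classify VERSION: print vulnerable, patched, or unknown (unparseable input).
classify() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then echo vulnerable; else echo patched; fi
}

# triage: read "host version" lines on stdin, emit host, version, status.
triage() {
    while read -r host ver; do
        [ -z "$host" ] && continue
        printf '%s\t%s\t%s\n' "$host" "${ver:-?}" "$(classify "$ver")"
    done
}

# Constructed inventory (sample data, not from the advisory).
triage <<'EOF'
mac-build-01 26.4
mac-lab-07 26.3.1
mac-kiosk-02 15.7.2
mac-dev-11 26.4.1
mac-old-03 unknown-build
EOF

# On a Mac, also classify the local host from sw_vers.
if command -v sw_vers >/dev/null 2>&1; then
    echo "localhost $(sw_vers -productVersion)" | triage
fi
```

Hosts reported as `unknown` should be checked by hand rather than treated as patched.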
Risk and Exploitability
The CVSS score of 3.3 indicates a low severity impact when considered alone, and the EPSS score of less than 1% shows that exploitation is currently unlikely. The CVE is not listed in CISA’s KEV catalog. Based on the description, the attack vector is local execution; a user who can place an unsigned application on the system can launch it, bypassing Gatekeeper. While the vulnerability does not grant remote code execution or privilege escalation beyond the app’s requested permissions, it breaks a key defense that normally restricts software origins.