Description
An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3.
Published: 2026-05-18
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows an attacker in a privileged network position to leak sensitive information by exploiting a path handling flaw in Apple Private Cloud Compute Server Software. The flaw involves improper input and path validation, which can lead to unintended disclosure of data. The issue was corrected through improved validation in PCC Release 5E290.3.

Affected Systems

Apple Private Cloud Compute Server Software, any release prior to 5E290.3. The fix is included in PCC Release 5E290.3.

Risk and Exploitability

The vulnerability has a CVSS base score of 6.5, indicating medium severity, and is not currently listed in the CISA KEV catalog. No EPSS score is available, so the exploit probability is unknown. A likely attack vector would be through a privileged network position that can interact with the service, allowing an attacker to craft a request that triggers the path handling flaw. Both CWE-20 and CWE-22 weaknesses enable the disclosure.

Generated by OpenCVE AI on May 18, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to PCC Release 5E290.3 or later to incorporate the fix for the path handling flaw.
  • Limit privileged network access to the Apple Private Cloud Compute Service or place the service in a segregated network segment to reduce exposure.
  • Enable detailed logging and monitor for anomalous file read or path traversal attempts to detect potential exploitation.

Generated by OpenCVE AI on May 18, 2026 at 19:50 UTC.


Advisories

No advisories yet.

History

Mon, 18 May 2026 20:15:00 +0000

Type Values Removed Values Added
Title Privileged Network Path Handling Flaw Allows Sensitive Information Leak in Apple Private Cloud Compute

Mon, 18 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Privileged Network Information Leakage via Path Handling Issue
Weaknesses CWE-200

Mon, 18 May 2026 16:45:00 +0000

Type Values Removed Values Added
Title Privileged Network Information Leakage via Path Handling Issue
Weaknesses CWE-200

Mon, 18 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-22
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 18 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3.
References


MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-18T16:02:28.465Z

Reserved: 2025-11-11T14:43:07.873Z

Link: CVE-2026-20685

Vulnrichment

Updated: 2026-05-18T16:02:16.361Z

NVD

Status: Awaiting Analysis

Published: 2026-05-18T16:16:29.570

Modified: 2026-05-18T17:44:14.880

Link: CVE-2026-20685

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T20:00:13Z
