Description
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An attacker with root privileges may be able to delete protected system files.
Published: 2026-03-25
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: File Deletion
Action: Immediate Patch
AI Analysis

Impact

An attacker who already has root privileges on a macOS system can delete protected system files because the operating system assigns improper permissions during state management. This flaw allows removal of files that should be immutable, directly compromising system integrity and potentially leading to instability or service interruption.

Affected Systems

Apple macOS installations older than macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, or macOS Tahoe 26.4 are affected. The issue is fixed in those versions and later.

Risk and Exploitability

The CVSS score of 4.9 indicates moderate severity, and an EPSS score of under 1% signals a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local root access; without that privilege the flaw cannot be leveraged, making remote exploitation unlikely. If an attacker gains root, they can delete critical system files, potentially causing system failure or requiring a costly recovery.

Generated by OpenCVE AI on March 26, 2026 at 00:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest macOS update (Sequoia 15.7.5, Sonoma 14.8.5, or Tahoe 26.4) on vulnerable systems.
  • If an update is not immediately available, limit the use of untrusted software running with root privileges and monitor system logs for unexpected file deletions.
  • Use system integrity verification tools to detect unauthorized file changes and perform regular backups for rapid recovery.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Root Privilege File Deletion via Improper Permission Assignment in macOS

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Root Privilege File Deletion via Improper Permission Assignment in macOS

Wed, 25 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-732
Metrics cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple, Apple macos
Vendors & Products Apple, Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An attacker with root privileges may be able to delete protected system files.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:11:12.197Z

Reserved: 2025-11-11T14:43:07.876Z

Link: CVE-2026-20693

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-03-25T01:17:06.117

Modified: 2026-03-25T21:32:05.030

Link: CVE-2026-20693

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T12:18:22Z

Weaknesses