Description
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to connect to a network share without user consent.
Published: 2026-03-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized network share access
Action: Immediate Patch
AI Analysis

Impact

An access issue in macOS sandbox restrictions allows an application to connect to a network share without obtaining user consent. This flaw could let malicious or unintended programs access shared resources, potentially exposing sensitive data or enabling further attacks, and it is classified as CWE‑693.

Affected Systems

The vulnerability affects Apple macOS systems. Versions requiring remediation include macOS Sequoia prior to 15.7.5, macOS Sonoma prior to 14.8.5, and macOS Tahoe prior to 26.4.

Risk and Exploitability

With a CVSS base score of 7.5, the flaw is considered high severity. The EPSS score is under 1%, indicating a low likelihood of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Attackers would likely need to run a malicious or compromised application locally on the affected machine to trigger the unauthorized network connection, making the attack vector inferred rather than explicitly documented.

Generated by OpenCVE AI on March 25, 2026 at 21:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to the latest version (Sequoia 15.7.5, Sonoma 14.8.5, or Tahoe 26.4) to apply the sandbox restriction fix.
  • Verify that the system has installed the most recent macOS updates; if updates are pending, apply them promptly.

Generated by OpenCVE AI on March 25, 2026 at 21:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Unauthorized Network Share Access via Sandbox Bypass in macOS

Wed, 25 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-693
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to connect to a network share without user consent.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:26:37.155Z

Reserved: 2025-11-11T14:43:07.877Z

Link: CVE-2026-20701

cve-icon Vulnrichment

Updated: 2026-03-25T15:44:28.169Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:06.757

Modified: 2026-03-25T20:02:04.257

Link: CVE-2026-20701

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T21:48:08Z

Weaknesses