Description
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A sandboxed process may be able to circumvent sandbox restrictions.
Published: 2026-03-25
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Sandbox restrictions bypass leading to potential privilege escalation
Action: Immediate Patch
AI Analysis

Impact

A race condition in macOS allows a sandboxed process to circumvent the sandbox’s intended restrictions. The flaw originates from a timing issue in state handling, enabling the process to perform actions it should not be permitted to execute. This can lead to unauthorized access to protected resources, potentially compromising data confidentiality and system integrity.

Affected Systems

Apple macOS is affected, specifically macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Versions of macOS older than those listed or other Apple operating systems are not mentioned as affected.

Risk and Exploitability

The vulnerability has a CVSS score of 8.1, indicating high severity, but its EPSS score is below 1%, suggesting low exploitation likelihood. Affected users are not listed in the CISA KEV catalog. The most likely attack vector is local, involving a sandboxed process that gains elevated privileges. Administrators should consider the seriousness of the flaw despite its low probability of exploitation, and prioritize mitigating it with the available patches.

Generated by OpenCVE AI on March 25, 2026 at 20:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to at least Sequoia 15.7.5, Sonoma 14.8.5, or Tahoe 26.4
  • Verify that all system updates have been applied and confirm the macOS version using system settings
  • If an immediate patch is not feasible, isolate or limit sandboxed processes until the update is applied
  • Monitor Apple support channels and advisories for any additional information or future patches

Generated by OpenCVE AI on March 25, 2026 at 20:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Sandbox Bypass via Race Condition in macOS

Wed, 25 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A sandboxed process may be able to circumvent sandbox restrictions.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:17:27.903Z

Reserved: 2026-03-03T16:36:03.967Z

Link: CVE-2026-28817

cve-icon Vulnrichment

Updated: 2026-03-25T14:34:01.086Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:06.980

Modified: 2026-03-25T20:52:51.803

Link: CVE-2026-28817

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T21:27:41Z

Weaknesses