Description
A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files.
Published: 2026-03-25
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation / Unauthorized System Modification
Action: Immediate Patch
AI Analysis

Impact

A path handling issue in macOS allows an application running with root privileges to delete protected system files. The weakness is classified as improper access control (CWE-284); removing critical files can leave the operating system unstable or cause denial of service. Exploitation is limited to processes that already have elevated privileges.

Affected Systems

Apple macOS versions prior to macOS Tahoe 26.4 are affected. The issue was fixed in macOS Tahoe 26.4 and later releases.

Risk and Exploitability

The CVSS score of 4.9 indicates moderate severity, while the EPSS score of less than 1% and absence from the KEV catalog suggest a low likelihood of widespread exploitation. Attackers would need to install or run a malicious application with root rights; unprivileged users cannot trigger the flaw. Once an attacker has root, deleting system files can lead to loss of confidentiality, integrity, and availability of the system.

Generated by OpenCVE AI on March 25, 2026 at 21:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the macOS Tahoe 26.4 update or later to eliminate the path handling flaw.
  • Verify that only trusted applications run with root privileges.
  • Use built‑in integrity verification tools to detect unexpected changes to protected system files.
  • Monitor logs for events indicating privileged file deletions.


Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Path Handling Bug Enabling Deletion of Protected System Files in macOS |

Wed, 25 Mar 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |

Wed, 25 Mar 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-284 |
| Metrics | | cvssV3_1: {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'} |
| | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 25 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Apple; Apple macos |
| Vendors & Products | | Apple; Apple macos |

Wed, 25 Mar 2026 01:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:20:47.064Z

Reserved: 2026-03-03T16:36:03.968Z

Link: CVE-2026-28823

Vulnrichment

Updated: 2026-03-25T19:45:07.933Z

NVD

Status: Analyzed

Published: 2026-03-25T01:17:07.493

Modified: 2026-03-25T20:29:05.337

Link: CVE-2026-28823

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T21:48:15Z
