CVE-2026-28827 - Vulnerability Details

- Parsing Issue in Directory Path Handling Allows Sandbox Escape on macOS

Description

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.

Published: 2026-03-25

Score: 9.3 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A parsing issue was discovered in macOS’s handling of directory paths. The flaw allows an application to validate and parse paths incorrectly, potentially permitting an attacker to break out of the application’s sandbox. This results in an elevation of privilege, allowing the malicious code to execute outside the intended restricted environment. The weakness is categorised as a classic directory traversal / path manipulation flaw and is listed as CWE‑22.

Affected Systems

The vulnerability affects Apple macOS systems. Although the exact vulnerable versions are not enumerated, the advisory indicates that recent updates – Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 – contain the fix. Consequently, earlier releases of these macOS lines that have not applied the patch are potentially at risk.

Risk and Exploitability

The CVSS score of 9.3 classifies the deficiency as critical, signalling severe impact if exploited. However, the EPSS score of less than 1 % suggests a very low probability of active attack within the near term, and the flaw is not currently listed in the CISA KEV catalog. The likely attack vector involves a malicious or compromised application running locally; an attacker would need to supply or influence the path parsing to achieve sandbox escape. Given the high severity, administrators should treat this as a priority patching item.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 14.8.5
`0`	affected	< 15.7.5
`0`	affected	< 26.4

Configuration 1 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

Vendor Product Confidence Versions

Apple

Macos

100%

Version	Status	Scheme	Platform
`[0,14.8.5)`	affected	generic	—
`[0,15.7.5)`	affected	generic	—
`[0,26.4)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest macOS update (Sequoia 15.7.5, Sonoma 14.8.5, or Tahoe 26.4)
Verify the update integrity and restart the system
Review installed applications and remove any that are untrusted or outdated
Ensure that software installation permissions are set to the minimum required for user roles
Maintain a regular update schedule to receive future critical patches

Generated by OpenCVE AI on March 26, 2026 at 18:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00028.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://support.apple.com/en-us/126794
https://support.apple.com/en-us/126795
https://support.apple.com/en-us/126796

History

Fri, 27 Mar 2026 09:30:00 +0000

Type	Values Removed	Values Added
Title		Parsing Issue in Directory Path Handling Allows Sandbox Escape on macOS

Thu, 26 Mar 2026 17:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:apple:macos::::::::

Thu, 26 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-22
Metrics		cvssV3_1 `{'score': 9.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 26 Mar 2026 12:30:00 +0000

Type	Values Removed	Values Added
Title	Sandbox Escape Vulnerability in macOS Directory Path Parsing
Weaknesses	CWE-20 CWE-22

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Title		Sandbox Escape Vulnerability in macOS Directory Path Parsing
Weaknesses		CWE-20 CWE-22

Wed, 25 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos
Vendors & Products		Apple Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type	Values Removed	Values Added
Description		A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.
References		https://support.apple.com/en-us/126794 https://support.apple.com/en-us/126795 https://support.apple.com/en-us/126796

Subscriptions

Apple Macos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2026-03-25T00:31:49.295Z

Updated: 2026-04-02T18:11:23.628Z

Reserved: 2026-03-03T16:36:03.968Z

Link: CVE-2026-28827

Vulnrichment

Updated: 2026-03-26T14:56:49.468Z

NVD

Status : Analyzed

Published: 2026-03-25T01:17:07.890

Modified: 2026-03-26T16:48:30.707

Link: CVE-2026-28827

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:20:12Z

Weaknesses

CWE-22

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object