Description
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
Published: 2026-03-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Apply Patch
AI Analysis

Impact

A logic issue within macOS allows an application to bypass security checks and access user data that it should not be able to read. The flaw is categorized as a privilege‑elevation weakness, potentially enabling an attacker to obtain sensitive information from the affected device. The impact is the unauthorized disclosure of data, which could lead to privacy violations or compromise of user files.

Affected Systems

Apple macOS systems running versions prior to macOS Tahoe 26.4 are affected. The issue was identified and fixed in the 26.4 update; any macOS releases before that version may still contain the logic flaw.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, but the EPSS score of less than 1% suggests that real‑world exploitation is currently rare. The flaw does not appear in the CISA KEV catalog, further indicating that widespread exploitation has not yet been observed. The likely attack vector is local: a malicious or compromised app executed on the user's machine could read protected data. Administrators should assess whether applications on the system could be tampered with and whether the risk of data exposure outweighs the likelihood of exploitation.

Generated by OpenCVE AI on March 26, 2026 at 14:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to version 26.4 or later to apply the fix.


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 09:30:00 +0000

Type Values Removed Values Added
Title macOS App May Access Sensitive User Data Due to Logic Issue

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Logic Error Allows Unauthorized Access to Sensitive User Data in macOS
Weaknesses CWE-285

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Logic Error Allows Unauthorized Access to Sensitive User Data in macOS
Weaknesses CWE-285

Wed, 25 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:15:12.532Z

Reserved: 2026-03-03T16:36:03.969Z

Link: CVE-2026-28837

Vulnrichment

Updated: 2026-03-25T20:23:26.784Z

NVD

Status: Analyzed

Published: 2026-03-25T01:17:08.690

Modified: 2026-03-25T21:28:57.770

Link: CVE-2026-28837

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:19:58Z

Weaknesses