Description
A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination.
Published: 2026-03-25
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Patch
AI Analysis

Impact

A buffer overflow was discovered in macOS; it may corrupt memory and cause unexpected application termination. The weakness stems from insufficient size validation during buffer handling and is classified as CWE-120. The impact is primarily instability and possible corruption of data in memory, rather than immediate execution of malicious code.

Affected Systems

The affected systems are Apple macOS installations running versions prior to macOS Tahoe 26.4, the version that includes the fix for the buffer overflow. Vendors or administrators should verify the macOS version on all affected machines and plan the applicable update.

Risk and Exploitability

The CVSS score of 6.2 places this vulnerability in the medium severity range. The EPSS score is less than 1%, indicating a low probability of exploitation in the wild, and it is not listed in the CISA KEV catalog. The attack vector is not explicitly stated in the available data; it is likely local or requires a user-supplied payload, but detailed exploitation scenarios are not provided.

Generated by OpenCVE AI on March 25, 2026 at 20:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply macOS update 26.4 or later to address the buffer overflow



Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type: Title
Values Removed: (none)
Values Added: Buffer Overflow in macOS Causing Memory Corruption and Application Crash

Wed, 25 Mar 2026 18:30:00 +0000

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 15:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-120

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple; Apple macos

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple; Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:12:36.304Z

Reserved: 2026-03-03T16:36:03.969Z

Link: CVE-2026-28841

Vulnrichment

Updated: 2026-03-25T15:02:19.184Z

NVD

Status: Analyzed

Published: 2026-03-25T01:17:08.987

Modified: 2026-03-25T20:52:06.887

Link: CVE-2026-28841

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:56:35Z
