Description
The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination.
Published: 2026-03-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Apply Patch
AI Analysis

Impact

A buffer overflow exists due to insufficient bounds checking. The weakness is CWE‑122. Exploitation may corrupt memory and cause unexpected application termination. If memory corruption can be directed, it could break isolation and lead to further compromise.

Affected Systems

Apple macOS is affected. The issue is fixed in macOS Tahoe 26.4, so any earlier releases are vulnerable. Users running older macOS versions should consider upgrading.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity while the EPSS score of less than 1% shows low exploitation likelihood. The vulnerability is not listed in CISA's KEV catalog. No official attack vector is documented; however, buffer overflows commonly require local access or a malicious payload within the affected application, so the attack vector is inferred to be local or user‑initiated.

Generated by OpenCVE AI on March 26, 2026 at 15:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply macOS update to version 26.4 or later
  • Verify the update was installed successfully
  • Restart the system for changes to take effect
  • Monitor for any unexpected application crashes after the update



Advisories

No advisories yet.

References
History

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow Causing Memory Corruption in macOS Tahoe

Thu, 26 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title macOS Tahoe Buffer Overflow Leading to Memory Corruption
Weaknesses CWE-119
CWE-787

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title macOS Tahoe Buffer Overflow Leading to Memory Corruption
Weaknesses CWE-119
CWE-787

Wed, 25 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Wed, 25 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}


Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:21:27.135Z

Reserved: 2026-03-03T16:36:03.969Z

Link: CVE-2026-28842

Vulnrichment

Updated: 2026-03-25T19:55:46.081Z

NVD

Status : Analyzed

Published: 2026-03-25T01:17:09.080

Modified: 2026-03-26T14:12:42.167

Link: CVE-2026-28842

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:50:33Z

Weaknesses