Description
A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system.
Published: 2026-03-25
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to protected file system.
Action: Patch macOS
AI Analysis

Impact

A flaw in macOS’s file‑system access validation permits reading or modifying protected parts of the system, potentially compromising confidential data and system integrity.

Affected Systems

Apple macOS versions prior to macOS Tahoe 26.4 are affected. The fix is included in macOS Tahoe 26.4, so all earlier releases may be vulnerable.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. The EPSS score of less than 1 % suggests a low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Based on the description the attack vector is local or requires authenticated file‑system access; remote exploitation is not described. Consequently, risk remains moderate, with the greatest threat stemming from users who have local or elevated privileges.

Generated by OpenCVE AI on March 27, 2026 at 22:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to macOS Tahoe 26.4 or later
  • Verify that file permissions on sensitive directories are correctly configured
  • Monitor system logs for unauthorized file access incidents
  • Consult Apple support advisories for additional guidance

Generated by OpenCVE AI on March 27, 2026 at 22:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/126794 cve-icon cve-icon
History

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Title macOS File System Access Validation Flaw Enabling Unauthorized Access
Weaknesses CWE-284

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title macOS Privilege Escalation via Improper File System Access
Weaknesses CWE-22
CWE-284

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title macOS Privilege Escalation via Improper File System Access
Weaknesses CWE-22
CWE-284

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title File Access Control Bypass on macOS Tahoe
Weaknesses CWE-284

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title File Access Control Bypass on macOS Tahoe
Weaknesses CWE-284

Wed, 25 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-07T21:50:53.120Z

Reserved: 2026-03-03T16:36:03.970Z

Link: CVE-2026-28844

cve-icon Vulnrichment

Updated: 2026-03-25T14:25:40.408Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:09.180

Modified: 2026-03-25T18:29:51.020

Link: CVE-2026-28844

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-29T20:28:32Z

Weaknesses