Description
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe 26.5. A remote attacker may be able to cause unexpected system termination.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow that results from insufficient bounds checking, classified as CWE-121. A remote attacker can trigger an unexpected system crash by sending crafted input to the vulnerable component. The failure does not provide direct privilege escalation, but it causes the operating system to terminate, leading to a denial of service.

Affected Systems

Apple macOS systems running versions earlier than macOS Sequoia 15.7.7 or macOS Tahoe 26.5 are susceptible. The issue has been fixed in those newer releases.

Risk and Exploitability

The vulnerability has a CVSS score of 7.5, indicating high severity. Exploitation requires remote delivery of malicious input, as implied by the description. Because the EPSS score is <1% and the vulnerability is not listed in the CISA KEV catalog, it may not yet see widespread use, but the severe impact of a system crash makes it a high‑priority concern. The likely attack vector involves network‑based delivery or any remote interface that processes external data.

Generated by OpenCVE AI on May 12, 2026 at 18:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Sequoia 15.7.7, Tahoe 26.5, or later releases to apply the bounds‑checking fix
  • If an update cannot be applied immediately, restrict network exposure to components that may process external input and monitor system logs for abnormal termination events
  • Configure automatic system updates and enable crash reporting so the OS restarts promptly after a crash and logs are collected for analysis


Advisories

No advisories yet.

History

Tue, 12 May 2026 16:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow Leading to System Crash in macOS Sequoia and Tahoe
Weaknesses CWE-119
CWE-120

Tue, 12 May 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow Leading to System Crash in macOS Sequoia and Tahoe
Weaknesses CWE-119
CWE-120

Mon, 11 May 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe 26.5. A remote attacker may be able to cause unexpected system termination.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T13:50:59.115Z

Reserved: 2026-03-03T16:36:03.970Z

Link: CVE-2026-28848

Vulnrichment

Updated: 2026-05-12T13:50:55.044Z

NVD

Status: Analyzed

Published: 2026-05-11T21:18:51.607

Modified: 2026-05-12T15:46:16.207

Link: CVE-2026-28848

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T18:45:05Z

Weaknesses