Description
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data.
Published: 2026-03-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Protected User Data
Action: Patch Immediately
AI Analysis

Impact

A permissions misconfiguration allows an application to read protected user data that it should not be able to access, compromising data confidentiality.

Affected Systems

Apple devices running iOS, iPadOS, and macOS before version 26.3 are impacted. The vulnerability is fixed in iOS 26.3, iPadOS 26.3, and macOS Tahoe 26.3.

Risk and Exploitability

The flaw carries a CVSS score of 7.5, indicating high severity. The EPSS score is below 1 %, suggesting current exploitation likelihood is low. It is not listed in the CISA KEV catalog. The likely attack path involves a malicious or compromised application installed on the device, which is inferred from the description.

Generated by OpenCVE AI on March 26, 2026 at 23:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to iOS 26.3, iPadOS 26.3, or macOS Tahoe 26.3 or later

Generated by OpenCVE AI on March 26, 2026 at 23:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Permissions Misconfiguration Allows Unauthorized Access to Protected User Data

Thu, 26 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Apple OS Permission Issue Allowing Potential Access to Protected User Data

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Apple OS Permission Issue Allowing Potential Access to Protected User Data

Wed, 25 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Vendors & Products Apple
Apple ios And Ipados
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data.
References

Subscriptions

Apple Ios And Ipados Ipados Iphone Os Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:18:36.064Z

Reserved: 2026-03-03T16:36:03.971Z

Link: CVE-2026-28855

cve-icon Vulnrichment

Updated: 2026-03-25T20:17:47.747Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:09.620

Modified: 2026-03-26T20:12:49.150

Link: CVE-2026-28855

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:50:40Z

Weaknesses