Description
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data.
Published: 2026-03-25
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access
Action: Immediate Patch
AI Analysis

Impact

The vulnerability stems from insufficient redaction of private data in system logs, allowing applications to view user‑sensitive information. It is classified as Improper Access Control. While the description does not detail a direct path to altering system state, the exposure of confidential data could facilitate further attacks if leveraged by a malicious actor.

Affected Systems

Apple macOS platforms are affected, specifically versions running before the public fixes: prior to macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Users on these releases remain vulnerable.

Risk and Exploitability

With a CVSS score of 5.3, the vulnerability is of moderate severity, and an EPSS score of less than 1% indicates a low likelihood of exploitation in the wild. It is not listed in the CISA KEV catalog. Exploitation appears to require a local or privileged app that can read system logs, suggesting a local or privileged‑user vector. Attackers could obtain read access to sensitive data such as credentials or personal information, impacting confidentiality.

Generated by OpenCVE AI on March 26, 2026 at 14:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to at least 15.7.5 for Sequoia, 14.8.5 for Sonoma, or 26.4 for Tahoe. If a full OS update is not feasible, apply the specific security update package that addresses this issue. Take a backup before updating, then verify the new version is installed and that log redaction behaves as expected.

Generated by OpenCVE AI on March 26, 2026 at 14:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Improper Private Data Redaction Leading to Sensitive Data Exposure

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Improper Log Redaction Exposes Sensitive Data
Weaknesses CWE-200

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Improper Log Redaction Exposes Sensitive Data
Weaknesses CWE-200

Wed, 25 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:21:10.421Z

Reserved: 2026-03-03T16:36:03.972Z

Link: CVE-2026-28862

cve-icon Vulnrichment

Updated: 2026-03-25T19:56:41.894Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:10.237

Modified: 2026-03-25T21:30:21.483

Link: CVE-2026-28862

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:50:34Z

Weaknesses