Description
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain root privileges.
Published: 2026-03-25
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Root Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

A race condition in macOS system state handling may allow an application to elevate its privileges to root. The flaw is a concurrency error, classified as CWE‑362, and could enable an attacker to execute arbitrary code with full system control.

Affected Systems

Apple macOS users running earlier versions than Sequoia 15.7.5, Sonoma 14.8.5, or Tahoe 26.4 are vulnerable. Releases newer than these per‑update builds contain the fix.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate impact, while the EPSS score of less than 1 % suggests the likelihood of exploitation is low. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is local, requiring the attacker to execute a malicious application on the affected system.

Generated by OpenCVE AI on March 25, 2026 at 20:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to Sequoia 15.7.5 or later, Sonoma 14.8.5 or later, or Tahoe 26.4 or later
  • Verify the installation of the latest security updates via System Settings > Software Update

Generated by OpenCVE AI on March 25, 2026 at 20:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Race Condition in macOS Enables Potential Root Privilege Escalation

Wed, 25 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
Metrics cvssV3_1

{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain root privileges.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:08:12.858Z

Reserved: 2026-03-03T16:36:03.980Z

Link: CVE-2026-28888

cve-icon Vulnrichment

Updated: 2026-03-25T14:34:41.020Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:12.280

Modified: 2026-03-25T18:00:10.290

Link: CVE-2026-28888

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:56:50Z

Weaknesses