Description
A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.
Published: 2026-05-11
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a logic flaw in macOS Tahoe’s file processing that allows a specially crafted ZIP archive to bypass Gatekeeper checks. This flaw is classified as CWE‑358, CWE‑693, indicating weaknesses in metadata handling and policy enforcement. By tricking the system into treating a malicious payload as a trusted application, an attacker could execute code without the user granting explicit permission. The issue stems from improper handling of ZIP metadata, which undermines the built‑in access control mechanism.

Affected Systems

Apple macOS Tahoe versions older than 26.5. The fix was applied in macOS Tahoe 26.5 and later releases, so only installations of 26.4 or earlier are affected.

Risk and Exploitability

The EPSS score of <1% indicates a low likelihood of exploitation at this time, while the CVSS score of 5.5 places the vulnerability in the moderate severity range. The flaw is not listed in the CISA KEV catalog, yet it still permits malicious code execution if a user opens or extracts a crafted archive. The likely attack vector involves a user unintentionally handling a malicious ZIP file from email, cloud services, or downloads; this is inferred from the description of a ZIP archive bypassing Gatekeeper.

Generated by OpenCVE AI on May 13, 2026 at 20:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Tahoe 26.5 or later to receive the fix
  • Restart the system to ensure Gatekeeper policies are refreshed
  • Avoid downloading or opening ZIP archives from untrusted or unknown sources

Generated by OpenCVE AI on May 13, 2026 at 20:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/127115 cve-icon cve-icon
History

Thu, 14 May 2026 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 13 May 2026 21:00:00 +0000

Type Values Removed Values Added
Title Gatekeeper Bypass via Malicious ZIP Archive in macOS Tahoe

Wed, 13 May 2026 19:45:00 +0000

Type Values Removed Values Added
Title Malicious ZIP Archive Bypasses Gatekeeper Checks on macOS Tahoe
Weaknesses CWE-284

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-358
CWE-693
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 11 May 2026 22:30:00 +0000

Type Values Removed Values Added
Title Malicious ZIP Archive Bypasses Gatekeeper Checks on macOS Tahoe
Weaknesses CWE-284

Mon, 11 May 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-13T14:40:13.695Z

Reserved: 2026-03-03T16:36:03.985Z

Link: CVE-2026-28914

cve-icon Vulnrichment

Updated: 2026-05-13T13:27:44.009Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-11T21:18:53.903

Modified: 2026-05-14T14:02:16.887

Link: CVE-2026-28914

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T20:45:04Z

Weaknesses
  • CWE-358

    Improperly Implemented Security Check for Standard

  • CWE-693

    Protection Mechanism Failure