Description
A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.
Published: 2026-05-11
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logic flaw in macOS file handling permits a maliciously crafted ZIP archive to bypass Gatekeeper checks, the operating system’s mechanism for ensuring that only trusted applications run. The flaw lets an attacker package malicious code in an archive so that it can be executed on a user’s machine, circumventing a core security barrier and providing a path to unauthorized code execution. The weakness originates from improper handling of ZIP metadata and falls under improper access control.

Affected Systems

Apple macOS, specifically versions of macOS Tahoe prior to 26.5. The issue is resolved in macOS Tahoe 26.5 and later releases.

Risk and Exploitability

The EPSS score is not available, and this vulnerability is not listed in the CISA KEV catalog. While the exact CVSS score is not provided, the ability to bypass Gatekeeper suggests a high impact, especially if an attacker can supply a crafted ZIP to a user. The most likely attack vector involves a user opening or extracting a malicious ZIP file received through email, file sharing, or downloads. Exploitation requires the victim to access the archive, so the risk is mitigated by user behavior but remains significant because of Gatekeeper’s critical role in the system’s security.

Generated by OpenCVE AI on May 11, 2026 at 22:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to version 26.5 or newer to receive the fix
  • Verify that Gatekeeper remains enabled after the upgrade to ensure the protection is active
  • Avoid opening ZIP archives from untrusted or unknown sources and verify file integrity before extraction



Advisories

No advisories yet.

References
History

Mon, 11 May 2026 22:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Malicious ZIP Archive Bypasses Gatekeeper Checks on macOS Tahoe |
| Weaknesses | | CWE-284 |

Mon, 11 May 2026 22:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Apple; Apple macos |
| Vendors & Products | | Apple; Apple macos |

Mon, 11 May 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-11T20:07:38.732Z

Reserved: 2026-03-03T16:36:03.985Z

Link: CVE-2026-28914

Vulnrichment

No data.

NVD

Status: Undergoing Analysis

Published: 2026-05-11T21:18:53.903

Modified: 2026-05-12T14:13:03.510

Link: CVE-2026-28914

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T22:15:06Z
