Description
A consistency issue was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.
Published: 2026-05-11
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Apple identified a consistency flaw in macOS state‑handling logic that represents an improper authorization (CWE‑269) and can be abused by an application to obtain root privileges on the affected system.

Affected Systems

The vulnerability affects macOS installations running releases earlier than Sequoia 15.7.7, Sonoma 14.8.7, or Tahoe 26.5. A system remains affected until the corresponding update is applied.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, while the EPSS score of less than 1% suggests a very low probability of exploitation. It is not listed in the CISA KEV catalog. The most likely attack vector is local user‑level execution of a malicious application, as no network‑based attack path is documented.

Generated by OpenCVE AI on May 12, 2026 at 18:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest macOS update (Sequoia 15.7.7, Sonoma 14.8.7, or Tahoe 26.5) and reboot to apply the state‑handling fix.
  • Enable automatic updates or regularly check for macOS security updates to keep the system current.
  • If an update cannot be applied immediately, restrict execution of unverified third‑party applications until a patch is installed.


Advisories

No advisories yet.

History

Tue, 12 May 2026 19:00:00 +0000

Type Values Removed Values Added
Title macOS Privilege Escalation via State Handling Vulnerability

Tue, 12 May 2026 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Tue, 12 May 2026 16:45:00 +0000

Type Values Removed Values Added
Title Root Privilege Escalation in macOS State Handling
Weaknesses CWE-284
CWE-732

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 11 May 2026 23:30:00 +0000

Type Values Removed Values Added
Title Root Privilege Escalation in macOS State Handling
Weaknesses CWE-269
CWE-284
CWE-732

Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A consistency issue was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T13:09:59.237Z

Reserved: 2026-03-03T16:36:03.986Z

Link: CVE-2026-28919

Vulnrichment

Updated: 2026-05-12T13:09:45.214Z

NVD

Status: Analyzed

Published: 2026-05-11T21:18:54.317

Modified: 2026-05-12T17:10:01.120

Link: CVE-2026-28919

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T18:45:05Z

Weaknesses