Description
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information.
Published: 2026-05-11
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from a flaw in macOS’s state‑management logic that permits a malicious or compromised application to read data that should be restricted to privileged contexts. The primary consequence is that the attacker could obtain private user information, raising confidentiality risks without affecting integrity or availability.

Affected Systems

Apple’s macOS is affected, specifically releases prior to the fixes delivered in Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5. Devices running any of these older versions are at risk until the corresponding update is installed.

Risk and Exploitability

The EPSS score is below 1% and the vulnerability is not listed in CISA's KEV catalog, so there is no indication of a publicly known exploit, but the potential for information disclosure could be serious. The CVSS score of 6.5 indicates moderate severity. The vulnerability is mitigated solely by state‑management patches; there are no other prerequisites. The documentation does not detail an explicit attack path, but based on the description it is inferred that exploitation would be limited to local applications that invoke the affected functionality, with no known network-based exploitation.

Generated by OpenCVE AI on May 13, 2026 at 01:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest macOS update that includes the state‑management fix – Sequoia 15.7.7, Sonoma 14.8.7, or Tahoe 26.5 depending on your system.
  • Verify that no legacy applications that explicitly request or depend on the vulnerable state‑transition APIs remain installed, and update or replace them when possible.
  • Consider running macOS in a user account with the least privileges necessary and enable the system’s privacy controls to restrict app access to sensitive data.

Advisories

No advisories yet.

History

Wed, 13 May 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 13 May 2026 02:15:00 +0000

Type Values Removed Values Added
Title macOS State Management Vulnerability Enables Unauthorized Data Access.

Wed, 13 May 2026 00:00:00 +0000

Type Values Removed Values Added
Title State‑Management Vulnerability Allowing Apps to Access Private User Information
Weaknesses CWE-547
CWE-710

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-284
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 23:30:00 +0000

Type Values Removed Values Added
Title State‑Management Vulnerability Allowing Apps to Access Private User Information
Weaknesses CWE-547
CWE-710

Mon, 11 May 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T19:53:52.275Z

Reserved: 2026-03-03T16:36:03.986Z

Link: CVE-2026-28922

Vulnrichment

Updated: 2026-05-12T19:35:11.789Z

NVD

Status: Analyzed

Published: 2026-05-11T21:18:54.530

Modified: 2026-05-13T14:37:44.660

Link: CVE-2026-28922

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T02:00:11Z

Weaknesses