Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A permissions flaw in Apple macOS allows certain applications to read protected user data that should otherwise be inaccessible. This weakness is categorized as CWE‑284: Improper Access Control. The insufficient access controls enable an app with the wrong privileges to bypass normal safeguards. Because the flaw directly compromises data confidentiality, an attacker could view or exfiltrate sensitive information.

Affected Systems

Apple macOS operating systems are impacted. The fix has been applied in macOS Tahoe 26.5. All earlier releases without the patch are vulnerable.

Risk and Exploitability

The EPSS score is < 1%, and the CVSS score of 7.5 indicates a high severity; the vulnerability is not listed in the CISA KEV catalog, indicating limited evidence of public exploitation. However, the flaw's nature - granting an app the ability to access protected data - presents a significant confidentiality risk if exploited. The attack vector is likely local, requiring the attacker to install or execute an application on the affected system that exploits the permission lapse. The impact is system-wide for the compromised account, and the severity would rise if the affected application processes data written to untrusted locations.

Generated by OpenCVE AI on May 13, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Tahoe 26.5 or later, which includes the additional access control restrictions that fix the CWE‑284 flaw.
  • Ensure that any installed third‑party applications are from trusted developers and have the latest updates, as these may contain follow‑up fixes or mitigations for related permission misconfigurations.
  • Verify that the operating system’s Gatekeeper and System Integrity Protection settings are enabled to reduce the risk of malicious applications gaining elevated privileges.

Generated by OpenCVE AI on May 13, 2026 at 18:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/127115 cve-icon cve-icon
History

Thu, 14 May 2026 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 13 May 2026 18:45:00 +0000

Type Values Removed Values Added
Title macOS Permission Flaw Exposes Protected User Data

Wed, 13 May 2026 16:30:00 +0000

Type Values Removed Values Added
Title macOS Permissions Flaw Allowing Unprivileged App Access to Protected User Data
Weaknesses CWE-269
CWE-732

Wed, 13 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title macOS Permissions Flaw Allowing Unprivileged App Access to Protected User Data
Weaknesses CWE-269
CWE-732

Mon, 11 May 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-13T13:55:36.822Z

Reserved: 2026-03-03T16:36:03.987Z

Link: CVE-2026-28930

cve-icon Vulnrichment

Updated: 2026-05-13T13:41:56.995Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-11T21:18:55.027

Modified: 2026-05-14T14:01:31.000

Link: CVE-2026-28930

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T18:30:46Z

Weaknesses