Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.
Published: 2026-05-11
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A permissions flaw in Apple macOS allows certain applications to read protected user data that should otherwise be inaccessible. The weakness arises from insufficient access controls, enabling an app with the wrong privileges to bypass normal safeguards. Because the flaw directly compromises data confidentiality, an attacker could view or exfiltrate sensitive information.

Affected Systems

Apple macOS operating systems are impacted. The fix has been applied in macOS Tahoe 26.5. All earlier releases without the patch are vulnerable.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating limited evidence of public exploitation. However, the flaw's nature - granting an app the ability to access protected data - presents a significant confidentiality risk if exploited. The attack vector is likely local, requiring the attacker to install or execute an application on the affected system that exploits the permission lapse. The impact is system-wide for the compromised account, and the severity would rise if the affected application processes data written to untrusted locations.

Generated by OpenCVE AI on May 11, 2026 at 22:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Tahoe 26.5 or later, which includes the additional access control restrictions that fix the issue.
  • Ensure that any installed third-party applications are from trusted developers and have the latest updates, as these may contain follow-up fixes or mitigations for related permission misconfigurations.
  • Verify that the operating system’s Gatekeeper and System Integrity Protection settings are enabled to reduce the risk of malicious applications gaining elevated privileges.

Generated by OpenCVE AI on May 11, 2026 at 22:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/127115 cve-icon cve-icon
History

Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title macOS Permissions Flaw Allowing Unprivileged App Access to Protected User Data
Weaknesses CWE-269
CWE-732

Mon, 11 May 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-11T20:08:26.116Z

Reserved: 2026-03-03T16:36:03.987Z

Link: CVE-2026-28930

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:18:55.027

Modified: 2026-05-12T14:13:03.510

Link: CVE-2026-28930

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T22:30:08Z

Weaknesses