Description
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the device.
Published: 2026-04-22
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logging issue caused notifications that were marked for deletion to remain on the device, preventing the intended data redaction. This flaw can lead to exposure of sensitive information that users expected to be removed, compromising the confidentiality of personal communications and other confidential data accessed locally. Based on the description, it is inferred that an attacker would need local or physical access to read the retained notification content.

Affected Systems

Apple iOS and iPadOS devices running any version older than iOS 15.8.8, iOS 16.7.16, iOS 18.7.8 or iOS 26.4.2, as well as any iPadOS version older than iPadOS 15.8.8, iPadOS 16.7.16, iPadOS 18.7.8 or iPadOS 26.4.2 are affected. The flaw has been fixed in the corresponding release versions listed above.

Risk and Exploitability

Based on the description, it is inferred that the likely attack vector is local access to the device; there is no reported network exploitation path. The EPSS score is less than 1 %, indicating a very low probability of real‑world exploitation, and the vulnerability is not listed in the CISA KEV catalog. With a CVSS score of 6.2, the risk is considered low to moderate, contingent upon the sensitivity of the data contained in the deleted notifications.

Generated by OpenCVE AI on May 11, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the following fixed releases: iOS 15.8.8, iPadOS 15.8.8, iOS 16.7.16, iPadOS 16.7.16, iOS 18.7.8, iPadOS 18.7.8, iOS 26.4.2, or iPadOS 26.4.2 to apply the logging fix
  • If an upgrade is not possible, avoid transmitting sensitive data via user notifications; use secure in‑app messaging instead
  • Ensure the device is protected by a strong passcode, biometric authentication, or a device lock to limit local access to the logs

Generated by OpenCVE AI on May 11, 2026 at 23:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 17 May 2026 23:30:00 +0000

Type Values Removed Values Added
References

Mon, 11 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title Potential Data Exposure via Deleted Notification Logs in iOS/iPadOS

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device. A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the device.
References

Wed, 29 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Title Potential Data Exposure via Deleted Notification Logs in iOS/iPadOS

Mon, 27 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Thu, 23 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-359
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Vendors & Products Apple
Apple ios And Ipados

Wed, 22 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.
References

Subscriptions

Apple Ios And Ipados Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-17T22:18:44.334Z

Reserved: 2026-03-03T16:36:03.990Z

Link: CVE-2026-28950

cve-icon Vulnrichment

Updated: 2026-04-29T19:32:15.824Z

cve-icon NVD

Status : Modified

Published: 2026-04-22T19:17:00.847

Modified: 2026-05-17T23:17:02.287

Link: CVE-2026-28950

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T23:30:02Z

Weaknesses