CVE-2026-28961 - Vulnerability Details

Description

This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information.

Published: 2026-05-11

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability allows an attacker with physical access to a locked macOS device to view sensitive user information. Improved checks were added, and the flaw is fixed in macOS 26.5. The primary impact is the disclosure of confidential data, potentially compromising personal files and credentials.

Affected Systems

Apple macOS devices prior to version 26.5 are affected. The issue was addressed in macOS 26.5 and later.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not in CISA KEV. Exploitation requires physical proximity to a locked device; no network access is needed. Attackers who gain such access can read data without authentication, posing a risk primarily to users with less strict physical security.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 26.5

No data.

Vendor Product Confidence Versions

Apple

Macos

100%

Version	Status	Scheme	Platform
`[0,26.5)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to macOS 26.5 or a later release that includes the fix
Configure the device to lock automatically when idle and use a strong passcode or biometric authentication
Implement physical security controls to prevent unauthorized access such as lockable cases or secure storage when the device is unattended

Generated by OpenCVE AI on May 11, 2026 at 21:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00022.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://support.apple.com/en-us/127115

History

Mon, 11 May 2026 22:15:00 +0000

Type	Values Removed	Values Added
Title		Information Disclosure via Physical Access on Locked macOS Devices
First Time appeared		Apple Apple macos
Weaknesses		CWE-200
Vendors & Products		Apple Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type	Values Removed	Values Added
Description		This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information.
References		https://support.apple.com/en-us/127115

Subscriptions

Apple Macos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2026-05-11T20:08:37.494Z

Updated: 2026-05-11T20:08:37.494Z

Reserved: 2026-03-03T16:36:03.991Z

Link: CVE-2026-28961

Vulnrichment

No data.

NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:18:57.090

Modified: 2026-05-12T14:13:03.510

Link: CVE-2026-28961

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T22:00:07Z

Weaknesses

CWE-200

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object