Description
An information leakage was addressed with additional validation. This issue is fixed in macOS Tahoe 26.5. An app may be able to gain root privileges.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An information‑leakage flaw caused by missing validation allows a malicious application to gain root privileges, providing the attacker full control over the affected system.

Affected Systems

Apple macOS Tahoe versions prior to 26.5 are affected. The issue is fixed in macOS Tahoe 26.5, which eliminates the validation error.

Risk and Exploitability

The EPSS score is < 1% and the CVSS score is 7.5. The vulnerability is not listed in the CISA KEV catalog. The flaw grants root access, a severe impact. Based on the description, the likely attack vector is inferred to be local, requiring the malicious code to run on the device.

Generated by OpenCVE AI on May 12, 2026 at 21:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to version 26.5 or later to apply the official fix.
  • Enable Gatekeeper to restrict execution of applications from unverified developers.
  • Ensure System Integrity Protection is enabled to prevent unauthorized modification of protected system files.

Advisories

No advisories yet.

History

Tue, 12 May 2026 21:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Information Leakage in macOS Tahoe

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 23:00:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Information Leakage in macOS Tahoe
Weaknesses CWE-269

Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description An information leakage was addressed with additional validation. This issue is fixed in macOS Tahoe 26.5. An app may be able to gain root privileges.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T18:22:39.147Z

Reserved: 2026-03-03T16:36:03.993Z

Link: CVE-2026-28976

Vulnrichment

Updated: 2026-05-12T18:20:35.560Z

NVD

Status: Undergoing Analysis

Published: 2026-05-11T21:18:58.117

Modified: 2026-05-12T19:16:30.110

Link: CVE-2026-28976

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T21:30:25Z

Weaknesses