Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a permissions flaw that may enable a local application to access protected user data that should be restricted. The flaw arises from insufficient authorization checks, allowing the application to bypass normal access controls. The impact is a confidentiality breach as the attacker could read sensitive information stored on the Mac without user consent.

Affected Systems

Apple macOS Tahoe versions earlier than 26.5 are affected. The issue is fixed in macOS Tahoe 26.5 and later.

Risk and Exploitability

The EPSS score is < 1% and the vulnerability is not listed in CISA KEV, indicating a very low probability of exploitation. The CVSS score is 7.5, classifying the flaw as High severity. The likely attack vector is local, requiring an application run with insufficiently restricted permissions.

Generated by OpenCVE AI on May 13, 2026 at 17:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the system to macOS Tahoe 26.5 or a later release to receive the security fix
  • Revoke or limit application permissions for accessing protected data via System Settings > Privacy & Security > Files & Folders, Camera, Microphone, etc.
  • Verify that applications are running within the proper sandbox and are not granted unnecessary privileged access

Generated by OpenCVE AI on May 13, 2026 at 17:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/127115 cve-icon cve-icon
History

Thu, 14 May 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 13 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Local Application Permissions Flaw Enabling Access to Protected User Data

Wed, 13 May 2026 16:45:00 +0000

Type Values Removed Values Added
Title macOS Tahoe permissions issue may allow apps to read protected user data
Weaknesses CWE-264
CWE-285

Wed, 13 May 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title macOS Tahoe permissions issue may allow apps to read protected user data
First Time appeared Apple
Apple macos
Weaknesses CWE-264
CWE-285
Vendors & Products Apple
Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-13T13:07:44.531Z

Reserved: 2026-05-01T22:46:21.638Z

Link: CVE-2026-43652

cve-icon Vulnrichment

Updated: 2026-05-13T13:06:20.854Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-11T21:19:00.970

Modified: 2026-05-14T14:33:02.870

Link: CVE-2026-43652

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T18:00:06Z

Weaknesses