CVE-2026-43652 - Vulnerability Details

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.

Published: 2026-05-11

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a permissions flaw that may enable a local application to access protected user data that should be restricted. The flaw arises from insufficient authorization checks, allowing the application to bypass normal access controls. The impact is a confidentiality breach as the attacker could read sensitive information stored on the Mac without user consent.

Affected Systems

Apple macOS Tahoe versions earlier than 26.5 are affected. The issue is fixed in macOS Tahoe 26.5 and later.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA KEV, indicating no known active exploitation. The CVSS severity is not provided, but the nature of the flaw suggests a significant risk if the system is not patched. The likely attack vector is local, requiring a user to run an application that has been granted insufficiently restricted permissions.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 26.5

No data.

Vendor Product Confidence Versions

Apple

Macos

100%

Version	Status	Scheme	Platform
`[0,26.5)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the system to macOS Tahoe 26.5 or a later release to receive the security fix
Revoke or limit application permissions for accessing protected data via System Settings > Privacy & Security > Files & Folders, Camera, Microphone, etc.
Verify that applications are running within the proper sandbox and are not granted unnecessary privileged access

Generated by OpenCVE AI on May 11, 2026 at 22:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://support.apple.com/en-us/127115

History

Mon, 11 May 2026 22:45:00 +0000

Type	Values Removed	Values Added
Title		macOS Tahoe permissions issue may allow apps to read protected user data
First Time appeared		Apple Apple macos
Weaknesses		CWE-264 CWE-285
Vendors & Products		Apple Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type	Values Removed	Values Added
Description		A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.
References		https://support.apple.com/en-us/127115

Subscriptions

Apple Macos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2026-05-11T20:08:40.087Z

Updated: 2026-05-11T20:08:40.087Z

Reserved: 2026-05-01T22:46:21.638Z

Link: CVE-2026-43652

Vulnrichment

No data.

NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:19:00.970

Modified: 2026-05-12T14:13:03.510

Link: CVE-2026-43652

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T22:30:08Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object