CVE-2026-28889 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-28889 PUBLISHED CVSS 6.199999809265137 MEDIUM

A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.

EPSS 0.02% · 3.1th percentile

Risk Scores

CVSS v3.1

6.199999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.02%

3.1th percentile

Affected Products

Vendor	Product	Versions
apple	xcode	0, 0
Apple	Xcode	0, 0

Timeline

Mar 25, 2026 CVE Published
Mar 25, 2026 EPSS Score
Mar 25, 2026 Coalition ESS Score
Mar 25, 2026 PoC Published
Mar 29, 2026 Security Advisory

References

https://support.apple.com/en-us/126793 advisory
https://support.apple.com/en-us/126794 advisory
https://support.apple.com/en-us/126798 advisory
https://support.apple.com/en-us/126800 advisory
https://support.apple.com/en-us/126796 advisory
https://support.apple.com/en-us/126792 advisory
https://support.apple.com/en-us/126795 advisory
https://support.apple.com/en-us/126799 advisory
https://support.apple.com/en-us/126797 advisory
https://support.apple.com/en-us/126801 advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-28889 advisory

Open in Interactive Console →