VDB

CVE-2026-28891

CVE-2026-28891 PUBLISHED CVSS 8.100000381469727 HIGH

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.

EPSS 0.01% · 2.0th percentile

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.01%
2.0th percentile

Affected Products

VendorProductVersions
ApplemacOS0, 0, 0
applemacos14.0, 15.0, 26.0

Timeline

  • Mar 25, 2026 CVE Published
  • Mar 25, 2026 EPSS Score
  • Mar 25, 2026 Coalition ESS Score
  • Mar 25, 2026 PoC Published
  • Mar 26, 2026 PoC Published
  • Mar 26, 2026 PoC Published
  • Mar 29, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›