VDB

GCVE-110-NCSC-2026-102

GCVE-110-NCSC-2026-102
Advisory PublishedCVSS 5.3/10
Vulnetix · Advisory published March 25, 2026
An authorization vulnerability allowing apps to potentially access sensitive user data was resolved by enhancing state management in iOS 26.4, iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4.

Weaknesses (CWE)

CWE-522Insufficiently Protected CredentialsCWE-190Integer Overflow or WraparoundCWE-201Insertion of Sensitive Information Into Sent DataCWE-918Server-Side Request Forgery (SSRF)CWE-125Out-of-bounds ReadCWE-150Improper Neutralization of Escape, Meta, or Control SequencesCWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-346Origin Validation ErrorCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Risk Scores

CVSS 3.1
5.3/10
Medium · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersionsPlatforms
Applevers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›