CVE-2026-28922

medium

Published 2026-05-11 · Modified 2026-05-13

CVSS v3

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2

—

VIR risk

6.5

Description

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: apple — https://support.apple.com/en-us/127117

vendor Authored 2026-05-27

Vendor advisory: apple — https://support.apple.com/en-us/127116

vendor Authored 2026-05-27

Vendor advisory: apple — https://support.apple.com/en-us/127115

OS impact

OS	Version	Status	Fixed in
macos	26.5	fixed
macos	15.7.7	fixed
macos	14.8.7	fixed
macos		affected	`14.8.7`

References

https://support.apple.com/en-us/127115
https://support.apple.com/en-us/127116
https://support.apple.com/en-us/127117

CWEs

CWE-200 CWE-284

Verify integrity in audit chain (admin only). AS-IS.