Summaryinfo

A vulnerability labeled as problematic has been found in Apple macOS up to 26.3. This issue affects some unknown processing. The manipulation results in input validation. This vulnerability is known as CVE-2026-28844. Attacking locally is a requirement. No exploit is available. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in Apple macOS up to 26.3. It has been classified as problematic. Affected is an unknown part. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system.

The advisory is available at support.apple.com. This vulnerability is traded as CVE-2026-28844 since 03/03/2026. The exploitability is told to be easy. Local access is required to approach this attack. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 03/29/2026).

Upgrading to version 26.4 eliminates this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Operating System

Vendor

• Apple

Name

• macOS

Version

• 26.0
• 26.1
• 26.2
• 26.3

License

• commercial

Website

• Vendor: https://www.apple.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion