Summaryinfo

A vulnerability was found in Apple macOS up to 26.3. It has been declared as problematic. The affected element is an unknown function. The manipulation results in temp file. This vulnerability is cataloged as CVE-2026-28893. The attack must be initiated from a local position. There is no exploit available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as problematic, was found in Apple macOS up to 26.3. Affected is some unknown processing. The manipulation with an unknown input leads to a temp file vulnerability. CWE is classifying the issue as CWE-377. Creating and using insecure temporary files can leave application and system data vulnerable to attack. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.4. A document may be written to a temporary file when using print preview.

The advisory is available at support.apple.com. This vulnerability is traded as CVE-2026-28893 since 03/03/2026. The exploitability is told to be easy. Local access is required to approach this attack. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 03/29/2026).

Upgrading to version 26.4 eliminates this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Operating System

Vendor

• Apple

Name

• macOS

Version

• 26.0
• 26.1
• 26.2
• 26.3

License

• commercial

Website

• Vendor: https://www.apple.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion