Summaryinfo

A vulnerability described as problematic has been identified in Apple macOS up to 26.3. Affected by this issue is some unknown functionality of the component App. The manipulation results in information disclosure. This vulnerability is known as CVE-2026-28881. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability classified as problematic has been found in Apple macOS up to 26.3. Affected is an unknown code block of the component App. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality. CVE summarizes:

A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.

The advisory is shared for download at support.apple.com. This vulnerability is traded as CVE-2026-28881 since 03/03/2026. The exploitability is told to be easy. The attack needs to be approached locally. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

Upgrading to version 26.4 eliminates this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Operating System

Vendor

• Apple

Name

• macOS

Version

• 26.0
• 26.1
• 26.2
• 26.3

License

• commercial

Website

• Vendor: https://www.apple.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion