CVE-2026-28858 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: March 25, 2026
Apple iOS & iPadOS - Buffer Overflow
Published: March 25, 2026 | Updated: March 25, 2026 | Remote Exploitable
Overview
Apple iOS and iPadOS versions before 26.4 contain a buffer overflow caused by insufficient bounds checking. A remote attacker can cause system termination or kernel memory corruption. Exploitation requires remote access.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Remote attackers can cause system crashes or corrupt kernel memory, potentially leading to denial of service or system compromise.
Mitigation
Update iOS and iPadOS to version 26.4 or later.
Details
- CVE ID: CVE-2026-28858
- Severity: Critical
- CVSS Score: 9.8
- Type: buffer_overflow
- Status: unconfirmed
CWE
- CWE-120
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H