Home / Vulnerability Intelligence / CVE-2026-28891

CVE-2026-28891 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 25, 2026

Apple macOS - Privilege Escalation

Published: March 25, 2026Updated: March 25, 2026

Overview

Apple macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4 contain a race condition caused by insufficient validation, letting sandboxed apps break out of their sandbox, exploit requires app execution within sandbox.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Sandboxed apps can break out of their restrictions, potentially leading to privilege escalation or unauthorized access.

Mitigation

Update to macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4 or later.

References

https://support.apple.com/en-us/126796
https://support.apple.com/en-us/126794
https://support.apple.com/en-us/126795

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-28891
Severity: High
CVSS Score: 8.1
Type: race_condition
Status: unconfirmed

CWE

CWE-362

CVSS Metrics

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H