CVE-2026-28995 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: May 12, 2026
Apple iOS & macOS - Sandbox Escape
Published: May 11, 2026Updated: May 12, 2026
Overview
Apple iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5 contain a sandbox escape vulnerability caused by a logic issue, letting malicious apps break out of their sandbox, exploit requires malicious app installation.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Malicious apps can break out of sandbox, potentially leading to privilege escalation and unauthorized system access.
Mitigation
Update to iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
References
Related Resources
Details
- CVE ID
- CVE-2026-28995
- Severity
- High
- CVSS Score
- 8.8
- Type
- broken_access_control
- Status
- confirmed
CWE
- CWE-269
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H