Security Vulnerability Report
CVE-2026-28890 CVSS 5.5 MEDIUM

CVE-2026-28890

Published: 2026-03-25 01:17:12
Last Modified: 2026-03-26 18:24:39

Description

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:* - VULNERABLE
Xcode < 26.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
// PoC for CVE-2026-28890 (Conceptual)
// This code demonstrates a buffer over-read scenario causing a crash.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void simulate_oob_read(void) {
    char small_buffer[10];
    char large_data[100];
    // Fill all 100 bytes with 'A'; note there is no NUL terminator anywhere in large_data.
    memset(large_data, 'A', sizeof(large_data));

    // Vulnerability: Copying more data than the buffer can hold or reading beyond bounds
    // In a real scenario, this would be inside a parsing function of Xcode
    printf("Attempting to read out of bounds...\n");

    // Simulating the read that causes system termination
    // strncpy copies 100 bytes into a 10-byte stack buffer (out-of-bounds write),
    // and because no terminator is copied, the %s below keeps reading past the
    // end of small_buffer until it happens to find a NUL byte (out-of-bounds read).
    strncpy(small_buffer, large_data, 100); // OOB write/read trigger
    printf("Buffer: %s\n", small_buffer);
}

int main(void) {
    simulate_oob_read();
    return 0;
}

References

https://support.apple.com/en-us/126801 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-28890", "sourceIdentifier": "[email protected]", "published": "2026-03-25T01:17:12.480", "lastModified": "2026-03-26T18:24:38.557", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination."}, {"lang": "es", "value": "Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema se soluciona en Xcode 26.4. Una aplicación podría causar una terminación inesperada del sistema."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "2F87BC4C-B08E-4A05-86E2-1CD228838DEA"}]}]}], "references": [{"url": "https://support.apple.com/en-us/126801", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}