CVE-2026-28930

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE

macOS Tahoe < 26.5

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

/*
 * PoC for CVE-2026-28930 (macOS Tahoe Permissions Bypass)
 * This conceptual code demonstrates how an app might attempt to access
 * protected user data without explicit authorization on vulnerable versions.
 */

import Foundation

func attemptProtectedDataAccess() {
    let protectedDir = "/Users/Shared/ProtectedData" // Hypothetical sensitive path
    let fileManager = FileManager.default
    
    print("[*] Checking access to: \(protectedDir)")
    
    if fileManager.fileExists(atPath: protectedDir) {
        do {
            // Attempt to list contents of the protected directory
            let contents = try fileManager.contentsOfDirectory(atPath: protectedDir)
            print("[+] Vulnerability Exploited! Found files: \(contents)")
        } catch {
            print("[-] Access denied. System may be patched.")
        }
    } else {
        print("[-] Directory not found.")
    }
}

// Run the PoC
attemptProtectedDataAccess()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-28930
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-28930
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-28930/
[4] VulDB https://vuldb.com/cve/CVE-2026-28930
[5] https://support.apple.com/en-us/127115

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-28930", "sourceIdentifier": "[email protected]", "published": "2026-05-11T21:18:55.027", "lastModified": "2026-05-14T14:01:31.000", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.5", "matchCriteriaId": "6CB91417-90A8-4A9B-A1D0-1D94B80EF837"}]}]}], "references": [{"url": "https://support.apple.com/en-us/127115", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}