Security Vulnerability Report
CVE-2026-28961 CVSS 4.6 MEDIUM

Published: 2026-05-11 21:18:57
Last Modified: 2026-05-14 14:01:18

Description

This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information.

CVSS Details

CVSS Score: 4.6
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
macOS Tahoe < 26.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
PoC for CVE-2026-28961 (Conceptual)
This script checks if the macOS version is vulnerable to the information disclosure issue.
Actual exploitation requires physical interaction with the device.
"""
import re
import subprocess

# Affected range from the CPE configuration on this page: 26.0 <= version < 26.5
AFFECTED_START = (26, 0)
FIXED_IN = (26, 5)


def get_macos_version():
    """Retrieve the current macOS version as a (major, minor) tuple, or None."""
    try:
        output = subprocess.check_output(['sw_vers'], text=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    # The minor component is optional (e.g. "26"); any patch component is ignored.
    match = re.search(r'ProductVersion:\s+(\d+)(?:\.(\d+))?', output)
    if match:
        return int(match.group(1)), int(match.group(2) or 0)
    return None


def check_vulnerability():
    """Check if the system is affected by CVE-2026-28961."""
    version = get_macos_version()
    if version is None:
        print("[-] Could not determine the macOS version.")
        return False
    print(f"[+] Detected macOS Version: {version[0]}.{version[1]}")
    # Compare integer tuples: as a float, "26.10" would wrongly sort below 26.5.
    if AFFECTED_START <= version < FIXED_IN:
        print("[!] System is potentially vulnerable to CVE-2026-28961.")
        print("[*] Impact: Attacker with physical access may view sensitive user info on locked device.")
        return True
    print("[+] System is patched or not affected.")
    return False


if __name__ == "__main__":
    check_vulnerability()

References

https://support.apple.com/en-us/127115 (Release Notes, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-28961", "sourceIdentifier": "[email protected]", "published": "2026-05-11T21:18:57.090", "lastModified": "2026-05-14T14:01:18.367", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-522"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.5", "matchCriteriaId": "6CB91417-90A8-4A9B-A1D0-1D94B80EF837"}]}]}], "references": [{"url": "https://support.apple.com/en-us/127115", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}