What is the CVSS score of CVE-2026-28817?

CVE-2026-28817 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of macOS are affected by CVE-2026-28817?

CVE-2026-28817 is a macOS sandbox escape vulnerability affecting Sequoia, Sonoma, and Tahoe that allows local attackers to execute arbitrary operations with elevated privileges, directly undermining…. A patch is available.

macOS CVE-2026-28817

EUVD-2026-15079 HIGH

Race Condition (CWE-362)

2026-03-25 apple

GHSA-p8x5-crg3-hj6v

Information Disclosure Apple Race Condition macOS

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:17 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

14.8.5,15.7.5,26.4

EUVD ID Assigned

Mar 25, 2026 - 01:00 euvd

EUVD-2026-15079

Analysis Generated

Mar 25, 2026 - 01:00 vuln.today

CVE Published

Mar 25, 2026 - 00:32 nvd

HIGH 8.1

DescriptionNVD

A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A sandboxed process may be able to circumvent sandbox restrictions.

AnalysisAI

Sandboxed processes on Apple macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) can escape sandbox isolation due to a race condition in state handling, allowing local attackers to bypass security restrictions and potentially execute arbitrary operations with elevated privileges. No patch is currently available for affected systems. …

RemediationAI

Within 24 hours: Inventory all macOS systems running Sequoia 15.7.5, Sonoma 14.8.5, or Tahoe 26.4 and restrict local user access to business-critical systems. Within 7 days: Deploy Apple security updates to Sequoia 15.8+, Sonoma 14.9+, or Tahoe 26.5+ (exact patch versions to be confirmed from Apple Security Updates page) to all affected devices; prioritize systems handling sensitive data or administrative functions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

CVE-2026-5817 HIGH This Week

8.2 May 22

Arbitrary code execution in Docker Model Runner's vllm-metal inference backend on macOS allows any container on the Dock

CVE-2026-5843 HIGH This Week

8.2 May 22

Arbitrary code execution in Docker Desktop's Model Runner on macOS allows any container on the Docker network to escape

CVE-2025-43306 HIGH This Week

7.8 May 26

Local privilege escalation in Apple macOS allows a malicious app already running with low privileges to elevate to root

CVE-2026-49237 HIGH This Week

7.8 May 28

Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain r

CVE-2026-28817 vulnerability details – vuln.today

Back

macOS CVE-2026-28817

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code