Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
6DescriptionCVE.org
The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination.
AnalysisAI
A buffer overflow vulnerability in Apple macOS Tahoe prior to version 26.4 enables remote attackers to trigger a denial-of-service condition through memory corruption and application crashes without requiring user interaction or authentication. The flaw stems from insufficient bounds checking and currently lacks a security patch. This vulnerability affects all macOS users running vulnerable versions.
Technical ContextAI
This buffer overflow vulnerability (CWE category for out-of-bounds memory access) exists in the macOS Tahoe operating system and was introduced through improper bounds checking in a specific code component. Buffer overflows occur when a program writes data beyond the allocated boundary of a buffer in memory, potentially corrupting adjacent memory regions, heap metadata, or stack return addresses. Apple's fix explicitly addresses this through improved bounds checks, indicating that input validation or length verification was insufficient prior to writing to a fixed-size or dynamically allocated buffer. The vulnerability is system-level and affects the macOS core or bundled applications, as indicated by the CPE specification cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*, covering all macOS versions without version-specific constraints prior to patching.
RemediationAI
Immediately upgrade to macOS Tahoe version 26.4 or later, which includes the improved bounds checks that resolve this vulnerability. Visit https://support.apple.com/en-us/126794 for detailed patch instructions and verification steps. If immediate patching is not feasible, restrict local and network access to affected macOS systems to trusted users and network segments only, disable unnecessary network services, and monitor system logs for signs of memory corruption or unexpected application crashes that could indicate exploitation attempts. Prioritize patching within 48 to 72 hours given the memory safety nature of the vulnerability.
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility develope
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability
Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)
A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authent
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no auth
This issue was addressed with improved checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely explo
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data t
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15117
GHSA-xvfm-vcfx-8599