Skip to main content

macOS CVE-2026-28848

| EUVDEUVD-2026-29220 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-11 apple GHSA-2h56-2mqr-w44f
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 12, 2026 - 16:31 vuln.today
CVSS changed
May 12, 2026 - 14:22 NVD
7.5 (HIGH)
Patch available
May 11, 2026 - 22:03 EUVD
CVE Published
May 11, 2026 - 20:08 nvd
UNKNOWN (no severity yet)
CVE Published
May 11, 2026 - 20:08 nvd
HIGH 7.5

DescriptionCVE.org

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe 26.5. A remote attacker may be able to cause unexpected system termination.

AnalysisAI

Buffer overflow in macOS allows remote unauthenticated attackers to cause system crashes and denial of service without user interaction. Affects macOS Sequoia versions prior to 15.7.7 and macOS Tahoe versions prior to 26.5. Apple has released patches addressing the vulnerability through improved bounds checking. Despite network-based attack vector and low complexity (CVSS 7.5), EPSS score of 0.05% (15th percentile) indicates minimal observed exploitation activity, and CISA SSVC framework confirms no active exploitation detected. Automatable attack path suggests potential for scanning-based campaigns if exploited.

Technical ContextAI

This is a stack-based buffer overflow vulnerability (CWE-121) in an unspecified macOS component or service accessible over the network. Stack buffer overflows occur when data written to a buffer exceeds allocated memory on the program stack, potentially overwriting adjacent memory including return addresses and function pointers. The CVSS vector (AV:N) indicates the vulnerable component accepts network connections, likely through a system service, daemon, or framework that processes remote input. Apple's fix involved implementing improved bounds checking to validate input size before copying data into fixed-size buffers. The CPE string cpe:2.3:a:apple:macos indicates this affects the macOS application layer rather than kernel components. The unchanged scope (S:U) suggests the vulnerability is contained within the vulnerable component's security context.

RemediationAI

Apply vendor-released patches immediately for internet-facing macOS systems. Upgrade macOS Sequoia installations to version 15.7.7 or later, and macOS Tahoe installations to version 26.5 or later, following Apple's security advisories at https://support.apple.com/en-us/127115 and https://support.apple.com/en-us/127116. If immediate patching is not feasible, implement network-based compensating controls by restricting inbound network access to macOS systems using host firewalls or network segmentation, blocking unnecessary services from internet exposure. Since the specific vulnerable component is not disclosed, granular service-level restrictions cannot be recommended. Network isolation will reduce attack surface but may impact legitimate remote access functionality including screen sharing, file sharing, and remote management capabilities. For systems requiring internet accessibility, deploy network intrusion detection systems to monitor for unusual connection patterns or crash-inducing traffic, though this provides detection rather than prevention. No application-level workarounds are available given the lack of component-specific details.

Share

CVE-2026-28848 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy