Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A user in a privileged network position may be able to cause a denial-of-service.
AnalysisAI
Denial-of-service attacks against multiple Apple platforms (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) result from improper null pointer handling that allows attackers in privileged network positions to crash affected systems. An attacker exploiting this CWE-476 vulnerability can render devices unavailable without user interaction. No patch is currently available, requiring users to apply mitigations until updates are released.
Technical ContextAI
This vulnerability is a null pointer dereference (CWE category: improper null pointer handling), which occurs when code attempts to access memory through a null pointer without proper validation. The affected products span Apple's entire ecosystem: iOS and iPadOS (cpe:2.3:a:apple:ios_and_ipados), macOS across multiple versions including Sequoia (15.7.5), Sonoma (14.8.5), and Tahoe (26.4) (cpe:2.3:a:apple:macos), tvOS (cpe:2.3:a:apple:tvos), visionOS (cpe:2.3:a:apple:visionos), and watchOS (cpe:2.3:a:apple:watchos). The root cause involves insufficient input validation before dereferencing a pointer, allowing a network-positioned attacker to trigger the null pointer condition and crash the affected component.
RemediationAI
Immediately upgrade affected Apple devices to patched versions: iOS and iPadOS to 18.7.7 or later (or 26.4 for newer versions), macOS Sequoia to 15.7.5, macOS Sonoma to 14.8.5, macOS Tahoe to 26.4, and tvOS, visionOS, and watchOS to 26.4 or later. Refer to the detailed security advisories at https://support.apple.com/en-us/126792 through https://support.apple.com/en-us/126799 for platform-specific instructions. For organizations unable to patch immediately, implement network segmentation to restrict untrusted network access to affected devices and monitor for unexpected service interruptions that may indicate exploitation attempts. Prioritize patching devices in critical network roles or those exposed to untrusted networks.
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility develope
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability
Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)
A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authent
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no auth
This issue was addressed with improved checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely explo
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data t
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15165
GHSA-3gqw-qcrw-37vv