Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected parts of the file system.
AnalysisAI
Local privilege escalation in macOS allows malicious applications to modify protected filesystem areas despite system integrity protections, enabling persistent compromise of system security. Affects macOS Sequoia (prior to 15.7.7), Sonoma (prior to 14.8.7), and Tahoe (prior to 26.5). Apple fixed the vulnerability by removing the exploitable code component. Despite the CVSS vector indicating a network-based denial-of-service, the description clearly states the actual impact is unauthorized filesystem modification by local applications, suggesting a CVSS scoring inconsistency. EPSS exploitation probability is very low (0.02%, 4th percentile) with no public exploit code or CISA KEV listing identified.
Technical ContextAI
This vulnerability (CWE-400: Uncontrolled Resource Consumption) affects macOS System Integrity Protection (SIP) mechanisms designed to prevent unauthorized modification of protected system directories. The issue appears to involve a code path that incorrectly validated or enforced permissions on protected filesystem areas, allowing applications to bypass Apple's security framework restrictions. Apple's remediation approach-removing the vulnerable code entirely rather than patching it-suggests the affected functionality was either obsolete or its security risk outweighed its utility. The discrepancy between the CVSS vector (AV:N indicating network attack) and the description (local app exploitation) indicates possible scoring error or miscategorization during initial analysis. The CPE identifier confirms impact across all recent macOS major versions including the newest Tahoe (26.x) release.
RemediationAI
Apply vendor-released patches immediately: upgrade macOS Tahoe to version 26.5 or later (https://support.apple.com/en-us/127115), macOS Sequoia to version 15.7.7 or later (https://support.apple.com/en-us/127116), or macOS Sonoma to version 14.8.7 or later (https://support.apple.com/en-us/127117). Apple addressed the vulnerability by removing the exploitable code component entirely, eliminating the attack surface. For environments unable to patch immediately, implement strict application control policies limiting installation to cryptographically signed, verified applications from trusted sources only (Gatekeeper enforcement at maximum level, disable unsigned app execution). Deploy endpoint detection monitoring for unauthorized filesystem modifications in protected directories (/System, /Library, /usr except /usr/local). Note that compensating controls only reduce risk-they cannot eliminate the vulnerability as malicious apps with valid code signatures could still exploit the flaw. EDR monitoring may produce false positives from legitimate system updates and should be tuned carefully.
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29233
GHSA-wqj7-458q-4h8g