Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files.
AnalysisAI
Improper permissions checking in macOS before version 26.4 allows a malicious app with local user privileges to access arbitrary files without user interaction, potentially exposing sensitive data. The vulnerability has a low EPSS score (0.01%) and no confirmed active exploitation, making it a low-priority but real local privilege escalation risk for systems where untrusted applications may execute.
Technical ContextAI
This vulnerability stems from insufficient permissions validation in macOS file access controls (CWE-284: Improper Access Control). The root cause involves the operating system failing to properly enforce sandboxing or access control policies when a local application attempts to read files outside its permitted scope. The flaw affects the core macOS operating system (CPE: cpe:2.3:a:apple:macos) across versions prior to 26.4, indicating the issue exists in the kernel or system-level file handling mechanisms rather than isolated libraries. The attack vector is local and requires legitimate user-level privileges (PR:L), meaning the attacker must first have an account on the system or trick a user into executing malicious code.
RemediationAI
Update to macOS Tahoe 26.4 or later, available via Apple's security update mechanism at https://support.apple.com/en-us/126794. This vendor-released patch addresses the improved permissions checking deficiency and is the only confirmed remediation. Until patching is possible, implement compensating controls: restrict installation of third-party apps by disabling sideloading or using Mobile Device Management (MDM) policies to allowlist only trusted applications; enable System Integrity Protection (SIP) if not already enabled to add an additional kernel-level guard; audit file access logs on multi-user systems to detect unauthorized reads; and educate users not to grant Finder or app-level permissions to untrusted software. Note that none of these controls fully eliminate the vulnerability - they only reduce attack surface.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29234
GHSA-gjq4-3jcx-r8xf