Skip to main content

macOS CVE-2026-28919

| EUVDEUVD-2026-29240 HIGH
Improper Privilege Management (CWE-269)
2026-05-11 apple GHSA-8g97-7mpw-mjmw
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 12, 2026 - 14:24 vuln.today
CVSS changed
May 12, 2026 - 14:22 NVD
7.8 (HIGH)
Patch available
May 11, 2026 - 22:03 EUVD
CVE Published
May 11, 2026 - 20:07 nvd
UNKNOWN (no severity yet)
CVE Published
May 11, 2026 - 20:07 nvd
HIGH 7.8

DescriptionCVE.org

A consistency issue was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.

AnalysisAI

Local privilege escalation in macOS Sequoia, Sonoma, and Tahoe allows applications to gain root privileges through a state handling flaw in the operating system. Apple patched this consistency issue in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5. Despite the high CVSS score (7.8), EPSS indicates only 0.02% exploitation probability (4th percentile), no public exploit code identified at time of analysis, and no CISA KEV listing, suggesting this is not yet widely exploited but represents a significant risk in multi-user or untrusted application environments.

Technical ContextAI

This vulnerability stems from CWE-269 (Improper Privilege Management), where the macOS kernel or system framework fails to properly maintain state consistency during privilege transitions. State handling flaws often occur in race conditions, time-of-check-time-of-use (TOCTOU) scenarios, or improper validation of credential objects during process elevation. The CPE identifier confirms this affects Apple's macOS operating system across three major release branches: Sonoma (14.x), Sequoia (15.x), and the newly released Tahoe (26.x). The consistency issue likely involves improper synchronization of privilege-related data structures, allowing a malicious application to manipulate system state to bypass authorization checks and escalate from user-level to root privileges.

RemediationAI

Update to vendor-released patches: macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, or macOS Tahoe 26.5 via System Settings > General > Software Update. Apple security bulletins are available at https://support.apple.com/en-us/127115 (Tahoe), https://support.apple.com/en-us/127116 (Sequoia), and https://support.apple.com/en-us/127117 (Sonoma). If immediate patching is not feasible, implement application allowlisting to restrict execution to only trusted, signed applications from identified developers, enforced through MDM policies or Gatekeeper configurations. This compensating control reduces attack surface by preventing unknown applications from running, though it may impact user productivity in development or testing environments. Additionally, enable Full Disk Access restrictions and review System Integrity Protection (SIP) status to ensure layered protections remain active, though these do not directly mitigate the vulnerability.

Share

CVE-2026-28919 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy