Skip to main content

macOS CVE-2026-28923

| EUVDEUVD-2026-29243 HIGH
Insertion of Sensitive Information into Log File (CWE-532)
2026-05-11 apple GHSA-mvr2-p57p-mxm8
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 12, 2026 - 14:25 vuln.today
CVSS changed
May 12, 2026 - 14:22 NVD
8.8 (HIGH)
Patch available
May 11, 2026 - 22:03 EUVD
CVE Published
May 11, 2026 - 20:07 nvd
UNKNOWN (no severity yet)
CVE Published
May 11, 2026 - 20:07 nvd
HIGH 8.8

DescriptionCVE.org

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox.

AnalysisAI

Sandbox escape in macOS logging subsystem allows malicious applications with low privileges to break containment and access system resources beyond sandbox boundaries. The vulnerability stems from improper data redaction in logging mechanisms (CWE-532), affecting macOS Tahoe 26.x, Sequoia 15.x, and Sonoma 14.x prior to their May 2026 updates. Apple has released patches for all affected versions. EPSS score of 0.02% (4th percentile) indicates minimal widespread exploitation likelihood, with no confirmed active exploitation or public POC at time of analysis. CVSS 8.8 HIGH reflects the scope change (S:C) allowing escape from sandboxed context to system-level access with complete confidentiality, integrity, and availability impact.

Technical ContextAI

The vulnerability resides in macOS's unified logging system, which handles system-wide event recording and diagnostic data. CWE-532 (Insertion of Sensitive Information into Log File) indicates that the logging subsystem failed to properly redact sensitive data before writing to log files or streams. In macOS, applications run within App Sandbox - a mandatory access control technology that restricts app capabilities to their declared entitlements. The logging flaw creates an unintended information disclosure channel or privilege escalation vector, allowing sandboxed processes to leverage improperly redacted log data to infer system state, access credentials, or manipulate logging mechanisms to escape containment. The CVSS scope change (S:C) confirms the vulnerability crosses security boundaries from the sandboxed application context to the broader system security context. This affects the core operating system across all modern macOS branches: Sonoma (14.x), Sequoia (15.x), and the newer Tahoe (26.x) release.

RemediationAI

Apply Apple security updates immediately: upgrade macOS Tahoe to version 26.5 or later (https://support.apple.com/en-us/127117), macOS Sequoia to version 15.7.7 or later (https://support.apple.com/en-us/127116), or macOS Sonoma to version 14.8.7 or later (https://support.apple.com/en-us/127115). Updates are available through System Settings > General > Software Update or via Apple Software Update mechanisms for managed deployments. No workarounds are documented by Apple. Compensating controls until patching include restricting installation of third-party applications to trusted sources only through Gatekeeper enforcement, enabling Full Disk Access restrictions in System Settings > Privacy & Security to limit application permissions, and monitoring system logs for unusual application behavior attempting to access logging subsystems (Console.app or log stream commands). Note that restricting application installation may impact productivity in development or creative workflows requiring diverse toolsets, and log monitoring generates significant operational overhead without automated correlation. These mitigations do not prevent exploitation by already-installed malicious applications and should be considered temporary risk reduction measures only.

Share

CVE-2026-28923 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy