Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
AnalysisAI
Improper bounds checking in Apple operating systems allows processing of maliciously crafted files to cause unexpected application termination (denial of service) on iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability affects multiple major OS versions and requires local file processing without user interaction, but has extremely low real-world exploitation probability (EPSS 0.02%) despite moderate CVSS score.
Technical ContextAI
The vulnerability stems from improper bounds checking (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in Apple's file processing logic. CWE-119 encompasses buffer overflows and similar memory access violations. The affected components span Apple's unified codebase across iOS 18.x/26.x, macOS Sequoia (15.x), Sonoma (14.x), Tahoe (26.x), tvOS, visionOS, and watchOS platforms, all built on similar kernel and framework architectures. The vulnerability triggers when a crafted file is processed locally, suggesting the flaw exists in a file parser or handler that lacks proper validation of file structure or content length before memory operations.
RemediationAI
Vendor-released patches are available across all affected platforms: upgrade iOS/iPadOS to 18.7.9 or 26.5, macOS Sequoia to 15.7.7, macOS Sonoma to 14.8.7, macOS Tahoe to 26.5, tvOS to 26.5, visionOS to 26.5, and watchOS to 26.5. Until patching is completed, restrict users' ability to open untrusted files from external sources, particularly those of file types known to trigger the vulnerable parser (specific file types not disclosed in available advisory). If file processing is business-critical and patching cannot be scheduled immediately, consider sandboxing file processing operations in isolated user accounts with minimal system privileges or using network-based file validation proxies that reject malformed files before delivery to vulnerable clients. Note that delaying patches on mobile platforms (iOS, watchOS) is high-risk given the prevalence of automatic background file handling; prioritize these updates.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29276
GHSA-qmqx-qxq3-57q5