Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A malicious app may be able to break out of its sandbox.
AnalysisAI
Sandbox escape vulnerability in Apple operating systems allows malicious apps with low privileges to break out of application sandbox and execute code with elevated privileges on the host system. Affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms. EPSS score of 0.02% (7th percentile) indicates low probability of mass exploitation in the wild, though the CVSS 8.8 score reflects significant potential impact if successfully weaponized. No active exploitation confirmed at time of analysis.
Technical ContextAI
This vulnerability stems from a logic flaw (CWE-269: Improper Privilege Management) in Apple's application sandbox enforcement mechanism, which is a fundamental security boundary across all Apple platforms. The sandbox is a mandatory access control framework that restricts what system resources and APIs an application can access, isolating apps from each other and from critical OS components. The logic issue allowed malicious applications to bypass these restrictions through unspecified means. Apple's fix involved improved restrictions in the sandbox policy enforcement, suggesting the flaw was in how sandbox entitlements or capabilities were evaluated. The vulnerability affects the core operating system security architecture rather than a specific application or service, making it platform-wide across Apple's ecosystem including iOS/iPadOS (both legacy 18.x and current 26.x branches), macOS Tahoe 26.x, tvOS, visionOS, and watchOS.
RemediationAI
Update to patched versions released by Apple: iOS and iPadOS 18.7.9 or 26.5 (depending on device compatibility), macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, or watchOS 26.5. Updates are available through standard system update mechanisms (Settings → General → Software Update on iOS/iPadOS, System Settings → General → Software Update on macOS). No workarounds are available for this vulnerability as it affects core OS sandbox enforcement. For organizations unable to immediately patch, implement compensating controls including strict application whitelisting through Mobile Device Management (MDM) policies to prevent installation of untrusted applications, disable developer mode and sideloading capabilities where enabled, monitor for suspicious application behavior through endpoint detection tools, and restrict physical device access. Note that these controls do not eliminate the vulnerability but reduce attack surface by limiting malicious app installation vectors. Enterprise environments should prioritize patching user-facing devices (iOS/iPadOS) and administrative workstations (macOS) first, as these represent highest-risk attack surfaces.
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29288
GHSA-r645-jpx2-wq58