Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
5DescriptionCVE.org
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory.
AnalysisAI
Out-of-bounds read in Apple operating systems allows malicious applications to crash the system or leak kernel memory across iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5. The vulnerability requires local application execution but no user interaction, enabling information disclosure and denial-of-service attacks. Despite high CVSS 7.3 scoring, the EPSS probability is very low (0.02%, 5th percentile), indicating minimal observed exploitation activity. Vendor-released patches are available for all affected platforms.
Technical ContextAI
This vulnerability stems from CWE-125 (Out-of-bounds Read), a memory safety issue where insufficient bounds validation allows reading beyond allocated buffer boundaries. The flaw exists in a shared kernel-level component across Apple's operating system ecosystem (iOS, iPadOS, macOS, tvOS, watchOS), likely within a system call or inter-process communication mechanism accessible to third-party applications. Out-of-bounds reads can expose sensitive kernel memory contents including cryptographic keys, memory addresses for ASLR bypass, or other processes' data. The cross-platform nature indicated by CPE strings (cpe:2.3:a:apple:ios_and_ipados, cpe:2.3:a:apple:macos, cpe:2.3:a:apple:tvos, cpe:2.3:a:apple:watchos) suggests the vulnerable code exists in Apple's shared XNU kernel or a common framework layer. Apple addressed this through improved bounds checking, a standard mitigation that validates read operations stay within allocated memory regions.
RemediationAI
Update all Apple devices to version 26.5 or later through standard update mechanisms: iOS/iPadOS 26.5 (Settings > General > Software Update), macOS Tahoe 26.5 (System Settings > General > Software Update), tvOS 26.5 (Settings > System > Software Updates), watchOS 26.5 (Watch app > General > Software Update). Vendor advisories with detailed installation instructions are at https://support.apple.com/en-us/127110, https://support.apple.com/en-us/127115, https://support.apple.com/en-us/127118, and https://support.apple.com/en-us/127119. For environments unable to immediately patch, implement compensating controls by restricting application installation to Apple App Store sources only (disable developer mode, remove enterprise MDM profiles allowing sideloading, block jailbreak tools) to prevent malicious app execution, though this significantly limits device functionality for development and testing workflows. No kernel-level workarounds exist since the flaw requires code-level bounds checking fixes.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29301
GHSA-6wgp-q874-jmmx