Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.4. An app may bypass Gatekeeper checks.
AnalysisAI
A permissions validation flaw in macOS Tahoe allows applications to circumvent Gatekeeper security checks, potentially enabling execution of untrusted or malicious code that would normally be blocked by Apple's code signing and notarization mechanisms. This vulnerability affects macOS Tahoe versions prior to 26.4 and is fixed in the 26.4 release. An attacker with the ability to distribute a specially crafted application could bypass endpoint security controls designed to protect users from unsigned or malicious software.
Technical ContextAI
Gatekeeper is macOS's foundational security mechanism that validates code signatures and notarization status before allowing application execution. This vulnerability represents a weakness in the permission validation logic within Gatekeeper's enforcement layer, allowing applications to bypass these checks through insufficient access control validation. The issue is classified as a permissions/authorization bypass vulnerability affecting the core macOS operating system (CPE: cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*). Rather than a specific CWE being disclosed, the root cause appears to be improper input validation or authorization checks in the Gatekeeper subsystem's permission enforcement mechanism.
RemediationAI
Immediately upgrade to macOS Tahoe 26.4 or later to remediate this vulnerability. Users should navigate to System Settings > General > Software Update and install all available updates. Organizations should prioritize deployment of this patch across all macOS Tahoe systems given the critical nature of Gatekeeper bypass. Until patching is completed, enforce application execution policies through third-party endpoint detection and response solutions and restrict administrative privileges to limit the scope of compromise if a malicious application is executed.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15056
GHSA-8j6h-jv9f-2r4r