Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.
AnalysisAI
A sandbox escape vulnerability in macOS allows malicious applications to break out of their sandbox restrictions through a permissions issue. This affects macOS Sequoia (versions prior to 15.7.5), macOS Sonoma (versions prior to 14.8.5), and macOS Tahoe (versions prior to 26.4). An attacker who distributes a malicious app could potentially gain unauthorized access to system resources and user data that should be protected by the sandbox security boundary.
Technical ContextAI
The vulnerability exists in the macOS application sandbox mechanism, which is a core security boundary that isolates applications from the broader system and from one another. The issue is classified as a permissions enforcement failure rather than a code execution vulnerability itself. Apple's response involved implementing additional sandbox restrictions, indicating that the existing permission validation logic was insufficient to prevent unauthorized capability escalation. The affected CPE range (cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*) encompasses all macOS variants, though specific versions have been patched. This falls under authorization and access control weaknesses, representing a failure in the enforcement of sandbox isolation policies across multiple macOS releases.
RemediationAI
Immediately update to the patched versions: macOS Sequoia 15.7.5 or later, macOS Sonoma 14.8.5 or later, or macOS Tahoe 26.4 or later. Updates are available through System Settings > General > Software Update. For enterprise environments, deploy these updates through Mobile Device Management (MDM) systems or Mac updates via your standard patch management process. Until patching is completed, restrict installation of applications from untrusted sources and disable installation of apps from sources other than the App Store where possible, as the App Store applies additional security review. Users should also review installed applications and remove any that are not from trusted publishers.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15111
GHSA-7j45-7q44-56w8