Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.
AnalysisAI
A permissions enforcement vulnerability in Apple operating systems allows unauthorized enumeration of installed applications on a user's device. This information disclosure issue affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. An attacker with the ability to execute code as an installed application could enumerate the complete list of user-installed applications without explicit user permission, enabling targeted attacks, privacy violations, and device profiling.
Technical ContextAI
The vulnerability stems from insufficient permission validation in Apple's application enumeration APIs across multiple operating systems. The root cause involves inadequate access control checks that fail to properly restrict an application's ability to query the system's installed application database. This affects the following products as identified through CPE matching: cpe:2.3:a:apple:ios_and_ipados, cpe:2.3:a:apple:macos, and cpe:2.3:a:apple:visionos. The vulnerability is classified as an Information Disclosure issue (CWE category related to improper restriction of rendered UI layers or unintended content exposure). The flaw exists in the permission boundary enforcement mechanisms that should isolate applications from accessing system-wide application inventory without explicit sandbox exceptions or user grants.
RemediationAI
Users and administrators should immediately update affected devices to the patched versions: iOS and iPadOS 18.7.7 or later, iOS and iPadOS 26.4 or later, macOS Sequoia 15.7.5 or later, macOS Sonoma 14.8.5 or later, macOS Tahoe 26.4 or later, and visionOS 26.4 or later. For iOS/iPadOS, enable automatic updates via Settings > General > Software Update > Automatic Updates. For macOS, open System Settings > General > Software Update and apply updates immediately. Additionally, review installed applications for suspicious or unnecessary apps that may have been installed by users unaware of enumeration risks. Organizations should enforce mobile device management (MDM) policies to mandate prompt patching and restrict sideloading of untrusted applications. Users can mitigate interim risk by avoiding installation of applications from untrusted sources until patches are deployed. Refer to Apple's official security advisories at https://support.apple.com/en-us/126792 through 126799 for version-specific patch details.
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility develope
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability
Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)
A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authent
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no auth
This issue was addressed with improved checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely explo
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data t
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15161
GHSA-wh29-fhm6-hqrh