Skip to main content

Apple macOS EUVDEUVD-2026-29237

| CVE-2026-28915 HIGH
Path Traversal (CWE-22)
2026-05-11 apple GHSA-3p5g-f8f7-7m9h
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 08, 2026 - 09:10 vuln.today
CVSS changed
May 13, 2026 - 16:22 NVD
7.8 (HIGH)
Patch available
May 11, 2026 - 22:03 EUVD
CVE Published
May 11, 2026 - 20:07 nvd
HIGH 7.8
CVE Published
May 11, 2026 - 20:07 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.

AnalysisAI

Local privilege escalation in Apple macOS (Sequoia, Sonoma, and Tahoe branches) allows a malicious application to gain root privileges by exploiting a path validation flaw in directory path handling. The issue, tracked as CVE-2026-28915 and reported by Apple itself, has no public exploit identified at time of analysis and a very low EPSS score (0.02%), but the total technical impact (root) makes it a meaningful endpoint hardening priority.

Technical ContextAI

The vulnerability is a CWE-22 path traversal weakness in a macOS component that parses directory paths. Per the CPE (cpe:2.3:a:apple:macos:*) and Apple's advisories, the flaw spans multiple supported macOS trains and was remediated by tightening path validation logic. CWE-22 issues typically arise when user- or app-supplied path segments (e.g., '..', symlinks, or unexpected separators) are not normalized before being used for privileged file operations, allowing a process to access or write to locations outside the intended directory and, in this case, escalate to root.

RemediationAI

Apply the vendor-released patches: upgrade to macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, or macOS Tahoe 26.5 as appropriate for each endpoint, using Apple's advisories at https://support.apple.com/en-us/127115, https://support.apple.com/en-us/127116, and https://support.apple.com/en-us/127117. Because exploitation requires the user to run a malicious app, compensating controls while patches roll out include enforcing Gatekeeper and notarization (do not allow apps from unidentified developers), restricting software installation to MDM-approved sources via an allowlist, and using endpoint controls such as TCC and System Integrity Protection (do not disable SIP, which would remove a key mitigation against root-level abuse); these controls reduce the chance that an unsigned exploit binary gets executed but do not address the underlying parsing flaw.

Share

EUVD-2026-29237 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy