Skip to main content

macOS EUVDEUVD-2026-29294

| CVE-2026-39871 HIGH
Files or Directories Accessible to External Parties (CWE-552)
2026-05-11 apple GHSA-96r9-8crr-vwwp
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
May 12, 2026 - 14:30 vuln.today
CVSS changed
May 12, 2026 - 14:22 NVD
7.5 (HIGH)
Patch available
May 11, 2026 - 22:18 EUVD
CVE Published
May 11, 2026 - 20:07 nvd
UNKNOWN (no severity yet)
CVE Published
May 11, 2026 - 20:07 nvd
HIGH 7.5

DescriptionCVE.org

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data.

AnalysisAI

Information disclosure in macOS allows malicious applications to read unprotected user data through a path handling vulnerability. Affects macOS Sequoia (prior to 15.7.7), Sonoma (prior to 14.8.7), and Tahoe (prior to 26.5). The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears misaligned with the vendor description indicating local app-based exploitation, requiring verification. Despite high CVSS 7.5, EPSS of 0.02% (4th percentile) suggests minimal observed exploitation activity. No public exploit code or CISA KEV listing identified at time of analysis.

Technical ContextAI

This vulnerability stems from CWE-552 (Files or Directories Accessible to External Parties) caused by improper path handling logic in macOS filesystem access controls. The flaw allows applications to bypass intended access restrictions and traverse or reference paths to read sensitive user data that should be protected by macOS privacy mechanisms like Transparency, Consent, and Control (TCC). Path traversal and symbolic link handling weaknesses in operating systems frequently enable privilege boundary violations where sandboxed or unprivileged applications gain unauthorized read access to protected directories containing credentials, browser data, keychain items, or personal files. Apple's fix involved improving path validation and canonicalization logic to prevent applications from constructing file paths that circumvent access controls.

RemediationAI

Apply vendor-released patches immediately: upgrade macOS Sequoia to version 15.7.7 or later, macOS Sonoma to version 14.8.7 or later, or macOS Tahoe to version 26.5 or later through System Settings > General > Software Update or via enterprise deployment tools like Jamf or Munki. Detailed installation guidance available in Apple security advisories at https://support.apple.com/en-us/127115, https://support.apple.com/en-us/127116, and https://support.apple.com/en-us/127117. If immediate patching is not feasible, implement application allowlisting to prevent execution of untrusted applications that could exploit the path handling flaw - note this reduces usability and requires ongoing maintenance of approved application lists. Review and restrict user-level application installation privileges using managed preferences, though this may impact legitimate productivity tools. Monitor filesystem access logs for anomalous read patterns to sensitive user directories (/Users/*/Library, ~/Documents) as a detection layer, understanding this generates significant log volume and requires dedicated SIEM correlation. No workaround fully mitigates risk; patching remains the only complete remediation.

Share

EUVD-2026-29294 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy