App Privacy Report Circumvention in iOS and iPadOS by Apple
CVE-2026-28873

7.5HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS
Vendor: CVE Published:; 11 May 2026

What is CVE-2026-28873?

This vulnerability allows apps to potentially bypass logging mechanisms in the App Privacy Report, which could lead to unauthorized data access and expose user privacy. Apple has resolved this issue with additional entitlement checks in the latest versions of its operating systems.

Affected Version(s)

iOS and iPadOS 0 < 18.7.9

iOS and iPadOS 0 < 26.4

References

https://support.apple.com/en-us/126792

https://support.apple.com/en-us/127111

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28873 Data

JSON