App Privacy Report Circumvention in iOS and iPadOS by Apple
CVE-2026-28873

Currently unrated

Key Information:

Vendor: Apple
Status: iOS And iPad OS
Vendor: CVE Published:; 11 May 2026

What is CVE-2026-28873?

This vulnerability allows apps to potentially bypass logging mechanisms in the App Privacy Report, which could lead to unauthorized data access and expose user privacy. Apple has resolved this issue with additional entitlement checks in the latest versions of its operating systems.

Affected Version(s)

iOS and iPadOS 0 < 18.7.9

iOS and iPadOS 0 < 26.4

References

https://support.apple.com/en-us/126792

https://support.apple.com/en-us/127111

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28873 Data

JSON