Race Condition Vulnerability in macOS Products by Apple
CVE-2026-28891

8.1HIGH

Key Information:

Vendor: Apple
Status: Mac OS
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-28891?

A race condition vulnerability has been identified in specific versions of macOS, where an application may potentially breach its sandbox environment due to insufficient validation. This flaw could allow applications to execute unauthorized commands or access protected resources. Apple has addressed this issue in the latest updates, ensuring enhanced validation mechanisms are in place to prevent such exploit attempts.

Affected Version(s)

macOS 0 < 14.8.5

macOS 0 < 15.7.5

macOS 0 < 26.4

References

https://support.apple.com/en-us/126794

https://support.apple.com/en-us/126795

https://support.apple.com/en-us/126796

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28891 Data

JSON