Credential Exposure Vulnerability in Apple's Container Product
CVE-2026-28909

Currently unrated

Key Information:

Vendor: Apple
Status: Mac OS
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-28909?

This vulnerability allows users who connect to malicious registries with hostnames that match certain patterns to inadvertently expose their registry credentials in plaintext. To mitigate this risk, users are advised to update to Container version 0.12.3, which addresses this issue effectively.

Affected Version(s)

macOS 0.12.1 < 0.12.3

References

https://github.com/apple/container/security/advisories/GH...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28909 Data

JSON