Logging Issue in iOS and iPadOS by Apple
CVE-2026-28950

6.2 MEDIUM

Key Information:

Vendor: Apple

CVE Published: 22 April 2026


What is CVE-2026-28950?

CVE-2026-28950 is a vulnerability in the iOS and iPadOS operating systems developed by Apple. The flaw arises from a logging issue: notifications marked for deletion may still be retained on the device, potentially leading to unintended exposure of sensitive information. Such a logging error compromises the integrity of data handling, raising concerns particularly in environments where data privacy and security are critically important. The vulnerability could negatively impact organizations by allowing retrieval of private user notifications, which might contain sensitive or confidential information that should have been adequately redacted or deleted.

Potential impact of CVE-2026-28950

  1. Data Leakage: The vulnerability may lead to the inadvertent retention of deleted notifications, thereby increasing the risk of sensitive information being exposed to unauthorized users or malicious actors. This could have significant implications for user privacy and for compliance with data protection regulations.

  2. Regulatory Compliance Risks: Organizations relying on iOS and iPadOS for business operations may face challenges in meeting regulatory standards concerning data handling and privacy, potentially leading to legal and financial repercussions.

  3. Reputation Damage: If users' private information were to be exposed due to this vulnerability, organizations may suffer from reputational damage, impacting customer trust and future business opportunities.

Affected Version(s)

iOS and iPadOS: versions before 15.8.8

iOS and iPadOS: versions before 16.7.16

iOS and iPadOS: versions before 18.7.8

News Articles

Apple patches iOS bug that allowed the FBI to read Signal messages

Apple patches CVE-2026-28950: an iOS bug that caused deleted notifications to be retained, allowing the FBI to recover Signal messages.

3 weeks ago

Deleted Didn’t Mean Gone: Apple Fixes iPhone Bug Exploited in FBI Probe, Patches Notification Data Flaw in iOS 26.4.2

Apple has released iOS 26.4.2 and iPadOS 26.4.2 to fix a serious notification flaw (CVE-2026-28950) that allowed deleted message alerts to linger, exposing Signal messages in FBI investigations. Learn how this bug impacted privacy and why updating your device is critical.

3 weeks ago

iOS 26.4.2 Update Released, Apple Fixes Critical Notification Database Vulnerability | 📲 LatestLY

Apple has launched iOS 26.4.2 to fix a critical security flaw (CVE-2026-28950) that allowed deleted notifications to be stored permanently on iPhones. This vulnerability was reportedly used by the FBI to recover Signal message content. The iOS 26.4.2 update purges all improperly retained notificatio...

4 weeks ago

CVSS V3.1

Score: 6.2
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 📰 First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability reserved
