Camera Metadata Access Vulnerability in Apple iOS and iPadOS
CVE-2026-28957

3.3LOW

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Visionos
Vendor: CVE Published:; 11 May 2026

What is CVE-2026-28957?

A vulnerability exists in Apple's iOS and iPadOS that allows apps to potentially access a user's camera metadata inappropriately. This flaw can lead to unauthorized screen capture, compromising user privacy. Apple has addressed this issue with enhanced logic in the latest updates, urging users to upgrade to the newest versions of the affected products to ensure their security.

Affected Version(s)

iOS and iPadOS 0 < 18.7.9

iOS and iPadOS 0 < 26.5

visionOS 0 < 26.5

References

https://support.apple.com/en-us/127110

https://support.apple.com/en-us/127111

https://support.apple.com/en-us/127120

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28957 Data

JSON