Input Validation Flaw in Apple’s iOS and macOS Products
CVE-2026-28985

6.2MEDIUM

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Mac OS; TV OS
Vendor: CVE Published:; 11 May 2026

What is CVE-2026-28985?

A vulnerability exists in Apple's iOS, iPadOS, macOS, and tvOS due to improper input validation, leading to a null pointer dereference. An attacker on the local network could exploit this flaw to induce a denial-of-service condition. The issue has been remedied in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5, enhancing the security of these platforms.

Affected Version(s)

iOS and iPadOS 0 < 26.5

macOS 0 < 26.5

tvOS 0 < 26.5

References

https://support.apple.com/en-us/127110

https://support.apple.com/en-us/127115

https://support.apple.com/en-us/127118

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28985 Data

JSON