CVEFinder.io

CVE-2026-28889

đŸ”ļ medium
🔍 Scan for this CVE
Summary

A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.

CVSS Score
6.2
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-03-25
First Seen: 2026-03-26
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 39.4% of all 318,071 vulnerabilities in our database.

#192,693
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Mar 25, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-03-26
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE IDs (Weakness Types)
CWE-269

đŸ“Ļ Affected Products 1

Vendor Product Status Affected Versions
apple xcode Affected
< 26.4

🔗 References 1

https://support.apple.com/en-us/126801
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-28890 đŸ”ļ medium 5.5 0.0 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able... 2026-03-25
CVE-2025-31186 ℹī¸ low 3.3 0.0 A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to... 2026-01-16
CVE-2025-43504 đŸ”ļ medium 4.9 0.1 A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged... 2025-11-04
CVE-2025-43505 ⚠ī¸ high 8.8 0.1 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing... 2025-11-04
CVE-2025-43263 ⚠ī¸ high 7.1 0.0 The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write file... 2025-09-15
CVE-2025-43370 đŸ”ļ medium 4.0 0.0 A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly larg... 2025-09-15
These CVEs affect the same products