CVEFinder.io

CVE-2026-28890

đŸ”ļ medium
🔍 Scan for this CVE
Summary

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination.

CVSS Score
5.5
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-03-25
First Seen: 2026-03-26
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.7% of all 318,071 vulnerabilities in our database.

#214,189
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Mar 25, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-03-26
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-125

đŸ“Ļ Affected Products 1

Vendor Product Status Affected Versions
apple xcode Affected
< 26.4

🔗 References 1

https://support.apple.com/en-us/126801
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-28889 đŸ”ļ medium 6.2 0.0 A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to... 2026-03-25
CVE-2025-31186 ℹī¸ low 3.3 0.0 A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to... 2026-01-16
CVE-2025-43504 đŸ”ļ medium 4.9 0.1 A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged... 2025-11-04
CVE-2025-43505 ⚠ī¸ high 8.8 0.1 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing... 2025-11-04
CVE-2025-43263 ⚠ī¸ high 7.1 0.0 The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write file... 2025-09-15
CVE-2025-43370 đŸ”ļ medium 4.0 0.0 A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly larg... 2025-09-15
These CVEs affect the same products