CVEFinder.io

CVE-2026-28915

⚠️ high
🔍 Scan for this CVE
Summary

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.

CVSS Score
7.8
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-11
First Seen: 2026-05-12
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.7% of all 321,845 vulnerabilities in our database.

#97,453
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 13, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-22

📦 Affected Products 3

Vendor Product Status Affected Versions
apple macos Affected
> 14.0 < 14.8.7
apple macos Affected
> 15.0 < 15.7.7
apple macos Affected
> 26.0 < 26.5

🔗 References 3

https://support.apple.com/en-us/127115
Release Notes Vendor Advisory
https://support.apple.com/en-us/127116
Release Notes Vendor Advisory
https://support.apple.com/en-us/127117
Release Notes Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-28847 🔶 medium 6.5 0.0 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,... 2026-05-11
CVE-2026-28902 🔶 medium 6.5 0.0 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, mac... 2026-05-11
CVE-2026-28903 🔶 medium 6.5 0.0 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,... 2026-05-11
CVE-2026-28907 ⚠️ high 8.1 0.1 The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9... 2026-05-11
CVE-2026-28914 🔶 medium 5.5 0.0 A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ... 2026-05-11
CVE-2026-28920 🔶 medium 6.5 0.1 An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iO... 2026-05-11
These CVEs affect the same products