CVE-2026-28936

⚠️ high

Summary

The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.

CVSS Score

7.5

High

EPSS Score

0.1

Exploit Probability

Published Date

2026-05-11

First Seen: 2026-05-12

📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.1% of all 321,845 vulnerabilities in our database.

#99,578

Above average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 13, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-05-14

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE IDs (Weakness Types)

CWE-20

📦 Affected Products 7

Vendor	Product	Status	Affected Versions
apple	iphone_os	Affected	< 18.7.9
apple	iphone_os	Affected	> 26.0 < 26.5
apple	ipados	Affected	< 18.7.9
apple	ipados	Affected	> 26.0 < 26.5
apple	macos	Affected	> 14.0 < 14.8.7
apple	macos	Affected	> 26.0 < 26.5
apple	visionos	Affected	< 26.5

🔗 References 5

https://support.apple.com/en-us/127110

Release Notes Vendor Advisory

https://support.apple.com/en-us/127111

Release Notes Vendor Advisory

https://support.apple.com/en-us/127115

Release Notes Vendor Advisory

https://support.apple.com/en-us/127117

Release Notes Vendor Advisory

https://support.apple.com/en-us/127120

Release Notes Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-28847	🔶 medium	6.5	0.0	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,...	2026-05-11
CVE-2026-28873	⚠️ high	7.5	0.0	This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26...	2026-05-11
CVE-2026-28902	🔶 medium	6.5	0.0	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, mac...	2026-05-11
CVE-2026-28903	🔶 medium	6.5	0.0	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,...	2026-05-11
CVE-2026-28907	⚠️ high	8.1	0.1	The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9...	2026-05-11
CVE-2026-28920	🔶 medium	6.5	0.1	An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iO...	2026-05-11

These CVEs affect the same products