CVE-2026-28915
Path Traversal in macOS
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos_sequoia | 15.7.7 |
| apple | macos_sonoma | 14.8.7 |
| apple | macos_tahoe | 26.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a parsing issue related to the handling of directory paths in certain versions of macOS. The problem was that the system did not properly validate directory paths, which could be exploited.
The issue has been fixed by improving path validation in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.
An application exploiting this vulnerability may be able to gain root privileges on the affected system.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an application to gain root privileges on your macOS system.
Gaining root privileges means an attacker could have full control over the system, potentially leading to unauthorized access, data modification, or system compromise.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your macOS system to one of the fixed versions: macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, or macOS Tahoe 26.5.