CVE-2026-39871
Path Handling Flaw in macOS Leaks User Data
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos_sequoia | 15.7.7 |
| apple | macos_sonoma | 14.8.7 |
| apple | macos_tahoe | 26.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an app to potentially observe unprotected user data due to a path handling issue. Exposure of unprotected user data can have implications for compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding personal and sensitive information.
However, specific impacts on compliance with these standards are not detailed in the provided information.
Can you explain this vulnerability to me?
This vulnerability is a path handling issue in certain versions of macOS (Sequoia, Sonoma, Tahoe). It was addressed by improving the logic that handles file paths. Due to this issue, an application may be able to observe user data that is supposed to be unprotected.
How can this vulnerability impact me? :
The impact of this vulnerability is that an application could potentially access or observe user data that should be protected. This could lead to unauthorized exposure of sensitive or private information.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5. To mitigate this vulnerability, you should update your system to one of these versions or later.