CVE-2026-28877_CVE-2026-28877

5.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.

Basic Information

ID CVE-2026-28877

Source apple

Published Mar 25, 2026 at 00:32

Modified Apr 2, 2026 at 18:14

Affected Product

Vendor Apple

Product iOS and iPadOS

Affected Versions Apple iOS and iPadOS 0
Apple macOS 0
Apple macOS 0
Apple visionOS 0
Apple watchOS 0

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.",
    "published": "2026-03-25T00:32:00.502Z",
    "modified": "2026-04-02T18:14:37.655Z",
    "type": "cve",
    "title": "CVE-2026-28877",
    "source": "apple",
    "references": "https://support.apple.com/en-us/126792\nhttps://support.apple.com/en-us/126794\nhttps://support.apple.com/en-us/126795\nhttps://support.apple.com/en-us/126798\nhttps://support.apple.com/en-us/126799",
    "id": "CVE-2026-28877",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "Apple iOS and iPadOS 0\nApple macOS 0\nApple macOS 0\nApple visionOS 0\nApple watchOS 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iOS and iPadOS",
    "version": "0",
    "vendor": "Apple",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}