CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-20696
https://notcve.org/view.php?id=CVE-2026-20696
11 May 2026 — An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. • https://support.apple.com/en-us/126794 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2026-28951
https://notcve.org/view.php?id=CVE-2026-28951
11 May 2026 — An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges. • https://support.apple.com/en-us/127110 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-28906
https://notcve.org/view.php?id=CVE-2026-28906
11 May 2026 — This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An attacker may be able to track users through their IP address. • https://support.apple.com/en-us/127110 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-28910
https://notcve.org/view.php?id=CVE-2026-28910
11 May 2026 — This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files. • https://support.apple.com/en-us/126794 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2026-28947
https://notcve.org/view.php?id=CVE-2026-28947
11 May 2026 — A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. • https://support.apple.com/en-us/127110 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43658
https://notcve.org/view.php?id=CVE-2026-43658
11 May 2026 — The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. • https://support.apple.com/en-us/127110 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0CVE-2026-28992
https://notcve.org/view.php?id=CVE-2026-28992
11 May 2026 — A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app termination. • https://support.apple.com/en-us/127110 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-28952
https://notcve.org/view.php?id=CVE-2026-28952
11 May 2026 — An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination. • https://support.apple.com/en-us/127111 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-28905
https://notcve.org/view.php?id=CVE-2026-28905
11 May 2026 — The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. • https://support.apple.com/en-us/127110 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2026-28840
https://notcve.org/view.php?id=CVE-2026-28840
11 May 2026 — A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.4. An app may be able to gain root privileges. • https://support.apple.com/en-us/126794 • CWE-269: Improper Privilege Management •