CVE-2026-28866

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 18.7.7 Apple iPadOS versions prior to 18.7.7 Apple iOS versions prior to 26.4 Apple iPadOS versions prior to 26.4 macOS Sequoia versions prior to 15.7.5 macOS Sonoma versions prior to 14.8.5 macOS Tahoe versions prior to 26.4

Description The issue involves insufficient validation of symlinks, potentially allowing an application to access sensitive user data.

Recommendations Update to iOS version 18.7.7 or later. Update to iPadOS version 18.7.7 or later. Update to iOS version 26.4 or later. Update to iPadOS version 26.4 or later. Update to macOS Sequoia version 15.7.5 or later. Update to macOS Sonoma version 14.8.5 or later. Update to macOS Tahoe version 26.4 or later.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2026-28866

Affected Products

Apple Macos

Ios

Ipados

Macos Sequoia

Macos Sonoma

Macos Tahoe

CVE-2026-28866

Weakness Enumeration

Related Identifiers

Affected Products

References · 9