CVE-2026-39871

Published May 11, 2026

Last updated 13 days ago

CVSS high 7.5

Overview

Description: A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data.
Source: product-security@apple.com
NVD status: Analyzed
Products: macos

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-552

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "DD9E7FAE-30DA-4B2B-A63A-6DFEA7A29933",
            "versionEndExcluding": "14.8.7",
            "versionStartIncluding": "14.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2984C440-3DC2-413A-B5FA-1FAB21078DB8",
            "versionEndExcluding": "15.7.7",
            "versionStartIncluding": "15.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6CB91417-90A8-4A9B-A1D0-1D94B80EF837",
            "versionEndExcluding": "26.5",
            "versionStartIncluding": "26.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References