exploitDog

CVE-2026-28827

Опубликовано: 25 мар. 2026

Источник: nvd

CVSS3: 9.3

EPSS Низкий

Описание

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.

Ссылки

https://support.apple.com/en-us/126794
Release Notes
Vendor Advisory
https://support.apple.com/en-us/126795
Release Notes
Vendor Advisory
https://support.apple.com/en-us/126796
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 14.0 (включая) до 14.8.5 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 15.0 (включая) до 15.7.5 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 26.0 (включая) до 26.4 (исключая)

EPSS

Процентиль: 8%

0.00028

Низкий

9.3 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-4546-p244-689v

CVSS3: 9.3

github

около 2 месяцев назад

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.

EPSS

Процентиль: 8%

0.00028

Низкий

9.3 Critical

CVSS3

Дефекты

CWE-22