{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28858", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2026-03-03T16:36:03.972Z", "datePublished": "2026-03-25T00:32:28.144Z", "dateUpdated": "2026-04-02T18:20:23.507Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A remote user may be able to cause unexpected system termination or corrupt kernel memory"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory."}], "references": [{"url": "https://support.apple.com/en-us/126792"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:20:23.507Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-28858"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T03:55:38.295Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-28858", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-25T19:20:48.881374Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T19:20:43.746Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "0", "lessThan": "26.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/126792"}], "descriptions": [{"lang": "en", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A remote user may be able to cause unexpected system termination or corrupt kernel memory"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:32:28.144Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28858", "state": "PUBLISHED", "dateUpdated": "2026-03-26T03:55:38.295Z", "dateReserved": "2026-03-03T16:36:03.972Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2026-03-25T00:32:28.144Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "F813DB63-2B55-4E0B-9073-5465C65F69D6", "versionEndExcluding": "26.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "01612D13-BE5B-43F8-B53E-5BF57F2A5B0C", "versionEndExcluding": "26.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory."}, {"lang": "es", "value": "Se corrigi\u00f3 un desbordamiento de b\u00fafer mediante una comprobaci\u00f3n de l\u00edmites mejorada. Este problema se corrigi\u00f3 en iOS 26.4 y iPadOS 26.4. Un usuario remoto podr\u00eda causar una terminaci\u00f3n inesperada del sistema o corromper la memoria del kernel."}], "id": "CVE-2026-28858", "lastModified": "2026-03-26T18:58:43.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T01:17:09.920", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/126792"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "iOS and iPadOS", "source": "cna", "vendor": "Apple"}, "product": "ios_and_ipados", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-26T21:31:20.517590+00:00", "value": {"mitigation_remediation": ["Update the device to iOS 26.4 or iPadOS 26.4 as soon as possible.", "Verify that the operating system version is at least 26.4.", "If an update cannot be performed immediately, restrict the device\u2019s exposure to untrusted networks and monitor for kernel crashes or abnormal behavior."], "summary": {"action": "Immediate Patch", "impact": "Kernel Memory Corruption"}, "threat_synthesis": {"affected_systems": "The defect affects Apple iOS and iPadOS devices running any release prior to version 26.4. Apple\u2019s advisory indicates that iOS 26.4 and iPadOS 26.4 contain the fix, protecting devices that run those or later releases.", "description_and_impact": "A classic buffer overflow was reported, resulting from inadequate bounds checking. This flaw lets a remote user trigger unexpected system termination or corrupt kernel memory, a vulnerability classified as CWE\u2011120. The potential impact includes loss of availability and, if an attacker can successfully write to arbitrary kernel memory, a compromise of confidentiality and integrity on the affected device.", "risk_and_exploitability": "The CVSS score of 9.8 signals a critical severity. Although the EPSS indicates a probability of exploitation of less than 1\u202f% and the vulnerability is not listed in the KEV catalog, the remote nature of the attack and the serious consequence of kernel memory corruption make the risk high. Based on the description, it is inferred that a remote attacker could deliver a crafted payload to trigger the overflow, potentially enabling further exploitation such as code execution."}}}}, "created": "2026-03-25T11:36:21.423429+00:00", "title": "Kernel Buffer Overflow in iOS and iPadOS Allowing Remote Memory Corruption", "updated": "2026-03-27T09:50:37.535006+00:00", "vendors": ["apple", "apple$PRODUCT$ios_and_ipados"]}