{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28891", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2026-03-03T16:36:03.981Z", "datePublished": "2026-03-25T00:32:55.358Z", "dateUpdated": "2026-04-02T18:25:48.746Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to break out of its sandbox"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.8.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.7.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox."}], "references": [{"url": "https://support.apple.com/en-us/126794"}, {"url": "https://support.apple.com/en-us/126795"}, {"url": "https://support.apple.com/en-us/126796"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:25:48.746Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-362", "lang": "en", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T14:35:20.447634Z", "id": "CVE-2026-28891", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:35:23.099Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-28891", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-25T14:35:20.447634Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:35:13.978Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "14.8.5", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "15.7.5", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "26.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/126794"}, {"url": "https://support.apple.com/en-us/126795"}, {"url": "https://support.apple.com/en-us/126796"}], "descriptions": [{"lang": "en", "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to break out of its sandbox"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:32:55.358Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28891", "state": "PUBLISHED", "dateUpdated": "2026-03-25T14:35:23.099Z", "dateReserved": "2026-03-03T16:36:03.981Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2026-03-25T00:32:55.358Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D66288AF-23BD-407A-81F5-F1DFBF84C622", "versionEndExcluding": "14.8.5", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD21D2C9-BBEC-4E8E-B8D2-C92B7E6155E1", "versionEndExcluding": "15.7.5", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CF848CD-25D4-4371-BEF3-1ACCE47AD81F", "versionEndExcluding": "26.4", "versionStartIncluding": "26.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox."}], "id": "CVE-2026-28891", "lastModified": "2026-03-25T17:59:49.667", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T01:17:12.580", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/126794"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/126795"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/126796"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,14.8.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,15.7.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "macOS", "source": "cna", "vendor": "Apple"}, "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-25T20:24:05.631811+00:00", "value": {"mitigation_remediation": ["Install macOS updates to version 15.7.5, 14.8.5, or 26.4 or later, which fix the race condition.", "Verify the update installation by checking the system\u2019s Software Update pane or running softwareupdate --history.", "If the update cannot be applied immediately, limit the use of affected sandboxed applications until the patch is installed to reduce the chance of exploitation."], "summary": {"action": "Apply Patch", "impact": "Sandbox escape via race condition"}, "threat_synthesis": {"affected_systems": "Apple macOS versions before 15.7.5 (Sequoia), 14.8.5 (Sonoma), and 26.4 (Tahoe) are affected. Devices running earlier releases of these macOS lines can run a sandboxed application that may exploit the race condition.", "description_and_impact": "The vulnerability is a race condition in macOS that can allow a sandboxed application to escape its sandbox and access protected resources. It results from a timing-related flaw that was corrected by adding additional validation logic in the operating system.", "risk_and_exploitability": "The CVSS score of 8.1 indicates high severity. An EPSS score of less than 1\u202f% suggests a low likelihood of widespread exploitation, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack path requires inducing a race condition within a sandboxed application, which may involve manipulating the timing of operations; this is inferred from the nature of a race condition but is not directly confirmed by the provided data. Because of the need for precise timing, exploitation is considered to have moderate difficulty."}}}}, "created": "2026-03-25T11:35:57.405362+00:00", "title": "Race Condition Enables Sandbox Escape in macOS", "updated": "2026-03-25T21:16:14.356876+00:00", "vendors": ["apple", "apple$PRODUCT$macos"]}