CVE-2026-28842

CWE-122 — Heap-based Buffer Overflow CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

7.5HIGH

EPSS

0.1%

top 82.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos

Timeline

PublishedMar 25

Description

The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5apple/macos< 26.4

▶NVDapple/macos26.0 — 26.4

🔴Vulnerability Details

CVEList

CVE-2026-28842: The issue was addressed with improved bounds checks↗2026-03-25

▶

GHSA

GHSA-xvfm-vcfx-8599: The issue was addressed with improved bounds checks↗2026-03-25

▶

🕵️Threat Intelligence

Wiz

CVE-2026-28842 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶