CVE-2026-28890

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 97.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Xcode

Timeline

PublishedMar 25

Description

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5apple/xcode< 26.4

▶NVDapple/xcode< 26.4

🔴Vulnerability Details

CVEList

CVE-2026-28890: An out-of-bounds read was addressed with improved bounds checking↗2026-03-25

▶

GHSA

GHSA-r6cr-r92c-wf2r: An out-of-bounds read was addressed with improved bounds checking↗2026-03-25

▶

🕵️Threat Intelligence

Wiz

CVE-2026-28890 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶