This document describes the security content of macOS Tahoe 26.4.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released March 24, 2026
Available for: macOS Tahoe
Impact: An attacker in a privileged network position may be able to intercept network traffic
Description: An authentication issue was addressed with improved state management.
CVE-2026-28865: Héloïse Gollier and Mathy Vanhoef (KU Leuven)
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2026-28877: Rosyna Keller of Totally Not Malicious Software
Available for: macOS Tahoe
Impact: An app with root privileges may be able to delete protected system files
Description: A path handling issue was addressed with improved validation.
CVE-2026-28823: Ryan Dowd (@_rdowd)
Available for: macOS Tahoe
Impact: Multiple issues in Apache
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-55753
CVE-2025-58098
CVE-2025-59775
CVE-2025-65082
CVE-2025-66200
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2026-28824: Mickey Jin (@patch1t)
CVE-2026-20696: an anonymous researcher
Entry updated May 11, 2026
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
CVE-2026-20699: Mickey Jin (@patch1t)
Available for: macOS Tahoe
Impact: An app may bypass Gatekeeper checks
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-20684: Koh M. Nakagawa (@tsunek0h) of FFRI Security, Inc.
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with improved handling of symlinks.
CVE-2026-20633: Mickey Jin (@patch1t)
Available for: macOS Tahoe
Impact: A malicious app may be able to access arbitrary files
Description: This issue was addressed with improved permissions checking.
CVE-2026-28910: Talal Haj Bakry and Tommy Mysk of Mysk Inc. (@mysk_co), Zhongquan Li (@Guluisacat)
Entry added May 11, 2026
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
CVE-2026-28879: Justin Cohen of Google
Available for: macOS Tahoe
Impact: An attacker may be able to cause unexpected app termination
Description: A type confusion issue was addressed with improved memory handling.
CVE-2026-28822: Jex Amro
Available for: macOS Tahoe
Impact: A remote attacker may be able to cause a denial-of-service
Description: A denial-of-service issue was addressed with improved input validation.
CVE-2026-28894: an anonymous researcher
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved validation of symlinks.
CVE-2026-28866: Cristian Dinca (icmd.tech)
Available for: macOS Tahoe
Impact: Processing an audio stream in a maliciously crafted media file may terminate the process
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2026-20690: Hossein Lotfi (@hosselot) of TrendAI Zero Day Initiative
Entry updated May 11, 2026
Available for: macOS Tahoe
Impact: An app may be able to gain elevated privileges
Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.
CVE-2026-28821: YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional sandbox restrictions.
CVE-2026-28838: an anonymous researcher
Available for: macOS Tahoe
Impact: A user in a privileged network position may be able to cause a denial-of-service
Description: A null pointer dereference was addressed with improved input validation.
CVE-2026-28886: Etienne Charron (Renault) and Victoria Martini (Renault)
Available for: macOS Tahoe
Impact: An app may be able to enumerate a user's installed apps
Description: A privacy issue was addressed by removing sensitive data.
CVE-2026-28878: Zhongcheng Li from IES Red Team
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with improved state handling.
CVE-2026-28888: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
Available for: macOS Tahoe
Impact: A document may be written to a temporary file when using print preview
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2026-28893: Asaf Cohen
Available for: macOS Tahoe
Impact: An issue existed in curl which may result in unintentionally sending sensitive information via an incorrect connection
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-14524
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-28876: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
Available for: macOS Tahoe
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed by removing the vulnerable code.
CVE-2026-28892: 风沐云烟 (@binary_fmyy) and Minghao Lin (@Y1nKoc)
Available for: macOS Tahoe
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2026-28832: DARKNAVY (@DarkNavyOrg)
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: An information leakage was addressed with additional validation.
CVE-2026-28870: XiguaSec
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination
Description: A race condition was addressed with improved state handling.
CVE-2026-28834: an anonymous researcher
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed by moving sensitive data.
CVE-2026-28881: Ye Zhang of Baidu Security, Ryan Dowd (@_rdowd), Csaba Fitzl (@theevilbit) of Iru
Available for: macOS Tahoe
Impact: An app may be able to enumerate a user's installed apps
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28880: Zhongcheng Li from IES Red Team
CVE-2026-28833: Zhongcheng Li from IES Red Team
Available for: macOS Tahoe
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-64505
Available for: macOS Tahoe
Impact: A buffer overflow may result in memory corruption and unexpected app termination
Description: The issue was addressed with improved bounds checks.
CVE-2026-28842: Joseph Ravichandran (@0xjprx) of MIT CSAIL
Available for: macOS Tahoe
Impact: A buffer overflow may result in memory corruption and unexpected app termination
Description: A buffer overflow was addressed with improved size validation.
CVE-2026-28841: Joseph Ravichandran (@0xjprx) of MIT CSAIL
Available for: macOS Tahoe
Impact: An app may be able to disclose kernel memory
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28868: Gor Aleksanyan, Dhiyanesh Selvaraj (@redroot97), 이동하 (Lee Dong Ha of BoB 0xB6)
Entry updated May 11, 2026
Available for: macOS Tahoe
Impact: An app may be able to leak sensitive kernel state
Description: This issue was addressed with improved authentication.
CVE-2026-28867: Jian Lee (@speedyfriend433)
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2026-20698: DARKNAVY (@DarkNavyOrg)
Available for: macOS Tahoe
Impact: An app may be able to determine kernel memory layout
Description: An information disclosure issue was addressed with improved memory management.
CVE-2026-20695: Gor Aleksanyan, 이동하 (Lee Dong Ha of BoB 0xB6) working with TrendAI Zero Day Initiative, hari shanmugam
Entry updated May 11, 2026
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: A use after free issue was addressed with improved memory management.
CVE-2026-20687: Johnny Franks (@zeroxjf)
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: An authorization issue was addressed with improved state management.
CVE-2026-28845: Yuebin Sun (@yuebinsun2020), an anonymous researcher, Nathaniel Oh (@calysteon), Kirin (@Pwnrin), Wojciech Regula of SecuRing (wojciechregula.blog), Joshua Jewett (@JoshJewett33), an anonymous researcher
Available for: macOS Tahoe
Impact: An app may be able to enumerate a user's installed apps
Description: This issue was addressed with improved checks.
CVE-2026-28882: Ilya Andr (andrd3v), Ilias Morad (A2nkF) of Voynich Group, Duy Trần (@khanhduytran0), @hugeBlack
Entry updated May 11, 2026
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-20607: an anonymous researcher
Available for: macOS Tahoe
Impact: "Hide IP Address" and "Block All Remote Content" may not apply to all mail content
Description: A privacy issue was addressed with improved handling of user preferences.
CVE-2026-20692: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs, Himanshu Bharti (@Xpl0itme) from Khatima
Entry updated May 11, 2026
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with improved handling of symlinks.
CVE-2026-20694: Rodolphe Brunetti (@eisw0lf) of Lupus Nova
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-20632: Rodolphe Brunetti (@eisw0lf) of Lupus Nova
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved checks.
CVE-2026-28839: Mickey Jin (@patch1t)
Available for: macOS Tahoe
Impact: An app may be able to connect to a network share without user consent
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2026-20701: Matej Moravec (@MacejkoMoravec)
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: A race condition was addressed with additional validation.
CVE-2026-28891: an anonymous researcher
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-28827: Csaba Fitzl (@theevilbit) of Iru, an anonymous researcher
Available for: macOS Tahoe
Impact: An app may be able to delete files for which it does not have permission
Description: A path handling issue was addressed with improved validation.
CVE-2026-28816: Dawuge of Shuffle Team and Hunan University
Available for: macOS Tahoe
Impact: A malicious app may be able to break out of its sandbox
Description: A logic issue was addressed with improved restrictions.
CVE-2026-28826: an anonymous researcher
Available for: macOS Tahoe
Impact: A user may be able to elevate privileges
Description: A logic issue was addressed with improved checks.
CVE-2026-20631: Gergely Kalman (@gergely_kalman)
Available for: macOS Tahoe
Impact: An attacker with root privileges may be able to delete protected system files
Description: This issue was addressed through improved state management.
CVE-2026-20693: Mickey Jin (@patch1t)
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28840: Andrei Dodu, Morris Richman (@morrisinlife)
Entry added May 11, 2026
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2026-28862: Kun Peeks (@SwayZGl1tZyyy)
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2026-28831: an anonymous researcher
Available for: macOS Tahoe
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A race condition was addressed with improved state handling.
CVE-2026-28817: Gyujeong Jin (@G1uN4sh) at Team.0xb6
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2026-20688: wdszzml and Atuin Automated Vulnerability Discovery Engine
Available for: macOS Tahoe
Impact: A local attacker may gain access to user's Keychain items
Description: This issue was addressed with improved permissions checking.
CVE-2026-28864: Alex Radocea
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with additional validation.
CVE-2026-28830: an anonymous researcher
Entry added May 11, 2026
Available for: macOS Tahoe
Impact: A local attacker may be able to modify the state of the Keychain
Description: The issue was addressed with improved input validation.
CVE-2026-28860: Alex Radocea
Entry added May 11, 2026
Available for: macOS Tahoe
Impact: Mounting a maliciously crafted SMB network share may lead to system termination
Description: A use-after-free issue was addressed with improved memory management.
CVE-2026-28835: Christian Kohlschütter
Available for: macOS Tahoe
Impact: An app may be able to modify protected parts of the file system
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-28825: Sreejith Krishnan R and Dave G.
Entry updated May 11, 2026
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28818: @pixiepointsec
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-20697: @pixiepointsec
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved checks.
CVE-2026-28820: Mickey Jin (@patch1t)
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A logic issue was addressed with improved checks.
CVE-2026-28837: Luke Roberts (@rookuu)
Available for: macOS Tahoe
Impact: An attacker may gain access to protected parts of the file system
Description: A file access issue was addressed with improved input validation.
CVE-2026-28844: Pedro Tôrres (@t0rr3sp3dr0)
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed by removing the vulnerable code.
CVE-2026-28828: Mickey Jin (@patch1t)
Available for: macOS Tahoe
Impact: An app may be able to cause a denial-of-service
Description: A stack overflow was addressed with improved input validation.
CVE-2026-28852: Caspian Tarafdar
Available for: macOS Tahoe
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2026-20657: Andrew Becker
Entry added May 11, 2026
Available for: macOS Tahoe
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28829: Sreejith Krishnan R
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 304951
CVE-2026-20665: webb
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may bypass Same Origin Policy
Description: A cross-origin issue in the Navigation API was addressed with improved input validation.
WebKit Bugzilla: 306050
CVE-2026-20643: Thomas Espach
Available for: macOS Tahoe
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: A logic issue was addressed with improved checks.
WebKit Bugzilla: 305859
CVE-2026-28871: @hamayanhamayan
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 306136
CVE-2026-20664: Yeonghyeon Choi, Daniel Rhea, Söhnke Benedikt Fischedick (Tripton), Emrovsky & Switch3301, Yevhen Pervushyn
WebKit Bugzilla: 307723
CVE-2026-28857: Minse Kim, Narcis Oliveras Fontàs, Söhnke Benedikt Fischedick (Tripton), Daniel Rhea, Nathaniel Oh (@calysteon)
Entry updated May 11, 2026
Available for: macOS Tahoe
Impact: A malicious website may be able to access script message handlers intended for other origins
Description: A logic issue was addressed with improved state management.
WebKit Bugzilla: 307014
CVE-2026-28861: Hongze Wu and Shuaike Dong from Ant Group Infrastructure Security Team, and webb
Entry updated May 11, 2026
Available for: macOS Tahoe
Impact: A malicious website may be able to process restricted web content outside the sandbox
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 308248
CVE-2026-28859: greenbynox, Arni Hardarson, and an anonymous researcher
Entry updated May 11, 2026
Available for: macOS Tahoe
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: An authorization issue was addressed with improved state management.
WebKit Bugzilla: 306827
CVE-2026-20691: Gongyu Ma (@Mezone0)
We would like to acknowledge Jacob Prezant (prezant.us) for their assistance.
We would like to acknowledge Sota Toyokura for their assistance.
We would like to acknowledge Frantisek Piekut, Yashar Shahinzadeh, Saman Ebrahimnezhad, Amir Safari, Omid Rezaii for their assistance.
We would like to acknowledge Hamid Mahmoud for their assistance.
We would like to acknowledge Csaba Fitzl (@theevilbit) of Iru, Kun Peeks (@SwayZGl1tZyyy) for their assistance.
We would like to acknowledge Nils Hanff (@nils1729@chaos.social) of Hasso Plattner Institute for their assistance.
We would like to acknowledge Suresh Sundaram, Willard Jansen for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge Fein, Iccccc & Ziiiro for their assistance.
We would like to acknowledge Peter Malone and Mustafa Calap for their assistance.
Entry updated May 11, 2026
We would like to acknowledge Jonathan Bar Or (@yo_yo_yo_jbo) for their assistance.
We would like to acknowledge Salemdomain for their assistance.
We would like to acknowledge Jian Lee (@speedyfriend433) for their assistance.
We would like to acknowledge Jian Lee (@speedyfriend433) for their assistance.
We would like to acknowledge Lyutoon and YenKoc, Mingxuan Yang (@PPPF00L), Minghao Lin (@Y1nKoc) and 风 (@binary_fmyy) of 抽象刷怪笼 for their assistance.
We would like to acknowledge Jian Lee (@speedyfriend433) for their assistance.
We would like to acknowledge Adam Doupé of ASU SEFCOM, DARKNAVY (@DarkNavyOrg), Kylian Boulard De Pouqueville From Fuzzinglabs, Patrick Ventuzelo From Fuzzinglabs, Robert Tran, Suresh Sundaram, Tristan Madani (@TristanInSec) from Talence Security, Xinru Chi of Pangu Lab for their assistance.
Entry updated May 11, 2026
We would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs, Arni Hardarson for their assistance.
We would like to acknowledge Vitaly Simonovich (vitalysim.com) for their assistance.
Entry updated May 11, 2026
We would like to acknowledge Ilias Morad (@A2nkF_) for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge William Mather for their assistance.
We would like to acknowledge JZ for their assistance.
We would like to acknowledge Gongyu Ma (@Mezone0) for their assistance.
We would like to acknowledge Mohammad Kaif (@_mkahmad | kaif0x01) for their assistance.
We would like to acknowledge Dawuge of Shuffle Team and Hunan University for their assistance.
We would like to acknowledge Barath Stalin K for their assistance.
We would like to acknowledge Dave G. for their assistance.
We would like to acknowledge Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher for their assistance.
We would like to acknowledge @RenwaX23, Farras Givari, Syarif Muhammad Sajjad, Yair for their assistance.
We would like to acknowledge Morris Richman (@morrisinlife), Prashan Samarathunge, 要乐奈 for their assistance.
We would like to acknowledge Waleed Barakat (@WilDN00B) and Paul Montgomery (@nullevent) for their assistance.
We would like to acknowledge Anand Mallaya, Tech consultant, Anand Mallaya and Co., DARKNAVY (@DarkNavyOrg), Harsh Kirdolia, Hrishikesh Parmar of Self-Employed, HvxyZLF, Ilya Andr (andrd3v), Kun Peeks (@SwayZGl1tZyyy) for their assistance.
Entry updated May 11, 2026
We would like to acknowledge Bilge Kaan Mızrak, Claude & Friends: Risk Analytics Research Group, Zack Tickman for their assistance.
We would like to acknowledge Christian Scalese (www.linkedin.com/in/christian-scalese-5794092aa), Karol Mazurek (@karmaz) of AFINE, Raffaele Sabato at SentinelOne for their assistance.
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from Safran Mumbai India for their assistance.
We would like to acknowledge AEC, Abhay Kailasia (@abhay_kailasia) from Safran Mumbai India, Alex Thomas, Bishal Kafle (@whoisbishal.k), Carlos Luna (U.S. Department of the Navy), Dalibor Milanovic, Daren Goodchild, JS De Mattei, Maxwell Garn, Zack Tickman, fuyuu12, incredincomp for their assistance.
Entry updated May 11, 2026
We would like to acknowledge Zhongcheng Li from IES Red Team of ByteDance for their assistance.
We would like to acknowledge Carlos Jeurissen, Rob Wu (robwu.nl) for their assistance.
We would like to acknowledge Vamshi Paili for their assistance.
We would like to acknowledge Kun Peeks (@SwayZGl1tZyyy), an anonymous researcher for their assistance.
We would like to acknowledge Alex Radocea of Supernetworks, Inc for their assistance.
We would like to acknowledge Marcel Voß, Mitul Pranjay, Serok Çelik for their assistance.
We would like to acknowledge Jian Lee (@speedyfriend433) for their assistance.