CVE-2026-28835
MEDIUM
CVSS 6.5
No EPSS data
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. Mounting a maliciously crafted SMB network share may lead to system termination.
CVSS details
EPSS
This CVE is not currently listed in the EPSS dataset.
Show JSON
{
"cve": {
"id": "CVE-2026-28835",
"cveTags": [],
"metrics": {
"cvssMetricV31": [
{
"type": "Secondary",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"cvssData": {
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
"impactScore": 3.6,
"exploitabilityScore": 2.8
}
]
},
"published": "2026-03-25T01:17:08.587",
"references": [
{
"url": "https://support.apple.com/en-us/126794",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/126795",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/126796",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"source": "product-security@apple.com"
}
],
"vulnStatus": "Analyzed",
"weaknesses": [
{
"type": "Secondary",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. Mounting a maliciously crafted SMB network share may lead to system termination."
},
{
"lang": "es",
"value": "Un problema de uso despu\u00e9s de liberaci\u00f3n se abord\u00f3 con una gesti\u00f3n de memoria mejorada. Este problema est\u00e1 solucionado en macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. El montaje de una compartici\u00f3n de red SMB dise\u00f1ada maliciosamente puede provocar la terminaci\u00f3n del sistema."
}
],
"lastModified": "2026-03-25T21:30:50.887",
"configurations": [
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D66288AF-23BD-407A-81F5-F1DFBF84C622",
"versionEndExcluding": "14.8.5",
"versionStartIncluding": "14.0"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD21D2C9-BBEC-4E8E-B8D2-C92B7E6155E1",
"versionEndExcluding": "15.7.5",
"versionStartIncluding": "15.0"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CF848CD-25D4-4371-BEF3-1ACCE47AD81F",
"versionEndExcluding": "26.4",
"versionStartIncluding": "26.0"
}
],
"operator": "OR"
}
]
}
],
"sourceIdentifier": "product-security@apple.com"
}
}