macOS Tahoe 26.5
Released May 11, 2026
Accelerate
Available for: macOS Tahoe
Impact: An app may be able to cause a denial-of-service
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2026-28991: Seiji Sakurai (@HeapSmasher)
Accounts
Available for: macOS Tahoe
Impact: An app may be able to bypass certain Privacy preferences
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28988: Asaf Cohen
APFS
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28959: Dave G.
App Intents
Available for: macOS Tahoe
Impact: A malicious app may be able to break out of its sandbox
Description: A logic issue was addressed with improved restrictions.
CVE-2026-28995: Vamshi Paili, Tony Gorez (@tonygo_) for Reverse Society
AppleJPEG
Available for: macOS Tahoe
Impact: Processing a maliciously crafted image may lead to a denial-of-service
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2026-1837
AppleJPEG
Available for: macOS Tahoe
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: A memory corruption issue was addressed with improved input validation.
CVE-2026-28956: impost0r (ret2plt)
Audio
Available for: macOS Tahoe
Impact: Processing an audio stream in a maliciously crafted media file may terminate the process
Description: The issue was addressed with improved memory handling.
CVE-2026-39869: David Ige of Beryllium Security
CoreMedia
Available for: macOS Tahoe
Impact: An app may be able to access private information
Description: This issue was addressed through improved state management.
CVE-2026-28922: Arni Hardarson
CoreServices
Available for: macOS Tahoe
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2026-28936: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
CoreSymbolication
Available for: macOS Tahoe
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2026-28918: Niels Hofmans, Anonymous working with TrendAI Zero Day Initiative
CUPS
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-28915: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
FileProvider
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with additional validation.
CVE-2026-43659: Alex Radocea
GPU Drivers
Available for: macOS Tahoe
Impact: A malicious app may be able to break out of its sandbox
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28923: Kun Peeks (@SwayZGl1tZyyy)
HFS
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28925: Aswin Kumar Gokula Kannan, Dave G.
ImageIO
Available for: macOS Tahoe
Impact: Processing a maliciously crafted image may corrupt process memory
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2026-43661: an anonymous researcher
ImageIO
Available for: macOS Tahoe
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: The issue was addressed with improved bounds checks.
CVE-2026-28977: Suresh Sundaram
ImageIO
Available for: macOS Tahoe
Impact: Processing a maliciously crafted image may corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-28990: Jiri Ha, Arni Hardarson
Installer
Available for: macOS Tahoe
Impact: A malicious app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28978: wdszzml and Atuin Automated Vulnerability Discovery Engine
IOHIDFamily
Available for: macOS Tahoe
Impact: An attacker may be able to cause unexpected app termination
Description: A memory corruption vulnerability was addressed with improved locking.
CVE-2026-28992: Johnny Franks (@zeroxjf)
IOHIDFamily
Available for: macOS Tahoe
Impact: An app may be able to determine kernel memory layout
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28943: Google Threat Analysis Group
IOKit
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination
Description: A use after free issue was addressed with improved memory management.
CVE-2026-28969: Mihalis Haatainen, Ari Hawking, Ashish Kunwar
IOSurfaceAccelerator
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2026-43655: Somair Ansar and an anonymous researcher
Kernel
Available for: macOS Tahoe
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2026-43654: Vaagn Vardanian, Nathaniel Oh (@calysteon)
Kernel
Available for: macOS Tahoe
Impact: An app may be able to modify protected parts of the file system
Description: A denial of service issue was addressed by removing the vulnerable code.
CVE-2026-28908: beist
Kernel
Available for: macOS Tahoe
Impact: A maliciously crafted disk image may bypass Gatekeeper checks
Description: A file quarantine bypass was addressed with additional checks.
CVE-2026-28954: Yiğit Can YILMAZ (@yilmazcanyigit)
Kernel
Available for: macOS Tahoe
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: A buffer overflow was addressed with improved input validation.
CVE-2026-28897: popku1337, Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Robert Tran, Aswin kumar Gokulakannan
Kernel
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination
Description: An integer overflow was addressed with improved input validation.
CVE-2026-28952: Calif.io in collaboration with Claude and Anthropic Research
Kernel
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state management.
CVE-2026-28951: Csaba Fitzl (@theevilbit) of Iru
Kernel
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2026-28972: Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Ryan Hileman via Xint Code (xint.io)
Kernel
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination
Description: A race condition was addressed with additional validation.
CVE-2026-28986: Chris Betz, Tristan Madani (@TristanInSec) from Talence Security, Ryan Hileman via Xint Code (xint.io)
Kernel
Available for: macOS Tahoe
Impact: An app may be able to leak sensitive kernel state
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28987: Dhiyanesh Selvaraj (@redroot97)
LaunchServices
Available for: macOS Tahoe
Impact: A remote attacker may be able to cause a denial of service
Description: A type confusion issue was addressed with improved checks.
CVE-2026-28983: Ruslan Dautov
Mail Drafts
Available for: macOS Tahoe
Impact: Replying to an email could display remote images in Mail in Lockdown Mode
Description: A logic issue was addressed with improved checks.
CVE-2026-28929: Yiğit Can YILMAZ (@yilmazcanyigit)
mDNSResponder
Available for: macOS Tahoe
Impact: An attacker on the local network may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2026-43653: Atul R V
mDNSResponder
Available for: macOS Tahoe
Impact: An attacker on the local network may be able to cause a denial-of-service
Description: A null pointer dereference was addressed with improved input validation.
CVE-2026-28985: Omar Cerrito
mDNSResponder
Available for: macOS Tahoe
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A use after free issue was addressed with improved memory management.
CVE-2026-43668: Anton Pakhunov, Ricardo Prado
mDNSResponder
Available for: macOS Tahoe
Impact: An attacker on the local network may be able to cause a denial-of-service
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-43666: Ian van der Wurff (ian.nl)
Model I/O
Available for: macOS Tahoe
Impact: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents
Description: The issue was addressed with improved checks.
CVE-2026-28941: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative
Model I/O
Available for: macOS Tahoe
Impact: Processing a maliciously crafted image may corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-28940: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative
Network Extensions
Available for: macOS Tahoe
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: This issue was addressed with improved checks.
CVE-2026-28961: Dan Raviv
Networking
Available for: macOS Tahoe
Impact: An attacker may be able to track users through their IP address
Description: This issue was addressed through improved state management.
CVE-2026-28906: Ilya Sc. Jowell A.
Quick Look
Available for: macOS Tahoe
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2026-43656: Peter Malone
Sandbox
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-43652: Asaf Cohen
SceneKit
Available for: macOS Tahoe
Impact: Processing a maliciously crafted image may corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-39870: Peter Malone
SceneKit
Available for: macOS Tahoe
Impact: A remote attacker may be able to cause unexpected app termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28846: Peter Malone
Shortcuts
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by adding an additional prompt for user consent.
CVE-2026-28993: Doron Assness
SMB
Available for: macOS Tahoe
Impact: A remote attacker may be able to cause unexpected system termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28848: Peter Malone, Dave G. and Alex Radocea of Supernetworks
Spotlight
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28930: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.
Spotlight
Available for: macOS Tahoe
Impact: An app may be able to cause a denial-of-service
Description: This issue was addressed with improved checks to prevent unauthorized actions.
CVE-2026-28974: Andy Koo (@andykoo) of Hexens
Storage
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with additional validation.
CVE-2026-28996: Alex Radocea
StorageKit
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: A consistency issue was addressed with improved state handling.
CVE-2026-28919: Amy (amys.website)
Sync Services
Available for: macOS Tahoe
Impact: An app may be able to access Contacts without user consent
Description: A race condition was addressed with improved handling of symbolic links.
CVE-2026-28924: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs, YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab
TV App
Available for: macOS Tahoe
Impact: An app may be able to observe unprotected user data
Description: A path handling issue was addressed with improved logic.
CVE-2026-39871: an anonymous researcher
UserAccountUpdater
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: An information leakage was addressed with additional validation.
CVE-2026-28976: David Ige - Beryllium Security
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: A validation issue was addressed with improved logic.
WebKit Bugzilla: 308906
CVE-2026-43660: Cantina
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: The issue was addressed with improved input validation.
WebKit Bugzilla: 308675
CVE-2026-28907: Cantina
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may disclose sensitive user information
Description: This issue was addressed with improved access restrictions.
WebKit Bugzilla: 309698
CVE-2026-28962: Luke Francis, Vaagn Vardanian, kwak kiyong / kakaogames, Vitaly Simonovich, Adel Bouachraoui, greenbynox
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 307669
CVE-2026-43658: Do Young Park
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 308545
CVE-2026-28905: Yuhao Hu, Yuanming Lai, Chenggang Wu, and Zhe Wang
WebKit Bugzilla: 308707
CVE-2026-28847: DARKNAVY (@DarkNavyOrg), Anonymous working with TrendAI Zero Day Initiative, Daniel Rhea
WebKit Bugzilla: 309601
CVE-2026-28904: Luka Rački
WebKit Bugzilla: 310880
CVE-2026-28955: wac and Kookhwan Lee working with TrendAI Zero Day Initiative
WebKit Bugzilla: 310303
CVE-2026-28903: Mateusz Krzywicki (iVerify.io)
WebKit Bugzilla: 309628
CVE-2026-28953: Maher Azzouzi
WebKit Bugzilla: 309861
CVE-2026-28902: Tristan Madani (@TristanInSec) from Talence Security, Nathaniel Oh (@calysteon)
WebKit Bugzilla: 310207
CVE-2026-28901: Aisle offensive security research team (Joshua Rogers, Luigino Camastra, Igor Morgenstern, and Guido Vranken), Maher Azzouzi, Ngan Nguyen of Calif.io
WebKit Bugzilla: 311631
CVE-2026-28913: an anonymous researcher
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 313939
CVE-2026-28883: kwak kiyong / kakaogames
WebKit
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved data protection.
WebKit Bugzilla: 311228
CVE-2026-28958: Cantina
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved input validation.
WebKit Bugzilla: 310527
CVE-2026-28917: Vitaly Simonovich
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 310234
CVE-2026-28947: dr3dd
WebKit Bugzilla: 310544
CVE-2026-28946: Gia Bui (@yabeow) from Calif.io, dr3dd, w0wbox
WebKit Bugzilla: 312180
CVE-2026-28942: Milad Nasr and Nicholas Carlini with Claude, Anthropic
WebKit
Available for: macOS Tahoe
Impact: A malicious iframe may use another website’s download settings
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 311288
CVE-2026-28971: Khiem Tran
WebRTC
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 311131
CVE-2026-28944: Kenneth Hsu of Palo Alto Networks, Jérôme DJOUDER, dr3dd
Wi-Fi
Available for: macOS Tahoe
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-28819: Wang Yu
Wi-Fi
Available for: macOS Tahoe
Impact: An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Wi-Fi packets
Description: A use after free issue was addressed with improved memory management.
CVE-2026-28994: Alex Radocea
zip
Available for: macOS Tahoe
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks
Description: A logic issue was addressed with improved file handling.
CVE-2026-28914: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs (nosebeard.co)
zlib
Available for: macOS Tahoe
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: An information leakage was addressed with additional validation.
CVE-2026-28920: Brendon Tiszka of Google Project Zero

