CVE-2026-28838 Apple CVE debrief

Who should care

macOS administrators, security teams, and users running affected macOS releases should pay attention, especially if they rely on sandboxing to contain third-party or less-trusted apps.

Technical summary

The issue is described as a permissions problem in macOS sandbox enforcement. Apple says it was fixed with additional sandbox restrictions. NVD maps affected macOS versions to Sonoma releases before 14.8.5, Sequoia releases before 15.7.5, and Tahoe releases before 26.4. The NVD CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, which indicates a network-capable issue requiring no privileges or user interaction, with low confidentiality impact and no integrity or availability impact scored by NVD.

Defensive priority

Medium. The issue is publicly disclosed, vendor-fixed, and rated CVSS 5.3, but the impact is limited to sandbox escape rather than a full-system compromise in the published advisory.

Recommended defensive actions

• Install the Apple updates that include macOS Sonoma 14.8.5, Sequoia 15.7.5, or Tahoe 26.4 as appropriate for your device.
• Prioritize systems that run untrusted or third-party apps, since sandbox boundaries are the affected control.
• Confirm fleet compliance against the fixed macOS versions and remediate any older releases listed by NVD.
• Review application allowlists and containment assumptions, but do not rely on sandboxing alone for high-risk workloads.

Evidence notes

This debrief is based on the CVE record, NVD metadata, and Apple vendor references. The CVE description says: “A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.” NVD assigns CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N and lists Apple support references as vendor advisories.

Official resources