CVE-2026-28952: Apple macOS 26.5 Kernel Vuln found by Claude

# About the security content of macOS Tahoe 26.5 - Apple Support Source: [https://support.apple.com/en-us/127115](https://support.apple.com/en-us/127115) For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available\. Recent releases are listed on the[Apple security releases](https://support.apple.com/en-us/100100)page\. Apple security documents reference vulnerabilities by[CVE\-ID](https://www.cve.org/About/Overview)when possible\. For more information about security, see the[Apple Product Security](https://support.apple.com/en-us/102549)page\. Released May 11, 2026 Available for: macOS Tahoe Impact: An app may be able to cause a denial\-of\-service Description: An out\-of\-bounds read was addressed with improved bounds checking\. CVE\-2026\-28991: Seiji Sakurai \(@HeapSmasher\) Available for: macOS Tahoe Impact: An app may be able to bypass certain Privacy preferences Description: A permissions issue was addressed with additional restrictions\. CVE\-2026\-28988: Asaf Cohen Available for: macOS Tahoe Impact: An app may be able to cause unexpected system termination Description: A buffer overflow was addressed with improved bounds checking\. CVE\-2026\-28959: Dave G\. Available for: macOS Tahoe Impact: A malicious app may be able to break out of its sandbox Description: A logic issue was addressed with improved restrictions\. CVE\-2026\-28995: Vamshi Paili, Tony Gorez \(@tonygo\_\) for Reverse Society Available for: macOS Tahoe Impact: Processing a maliciously crafted image may lead to a denial\-of\-service Description: This is a vulnerability in open source code and Apple Software is among the affected projects\. The CVE\-ID was assigned by a third party\. Learn more about the issue and CVE\-ID at[cve\.org](https://www.cve.org/)\. CVE\-2026\-1837 Available for: macOS Tahoe Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory Description: A memory corruption issue was addressed with improved input validation\. CVE\-2026\-28956: impost0r \(ret2plt\) Available for: macOS Tahoe Impact: Processing an audio stream in a maliciously crafted media file may terminate the process Description: The issue was addressed with improved memory handling\. CVE\-2026\-39869: David Ige of Beryllium Security Available for: macOS Tahoe Impact: An app may be able to access private information Description: This issue was addressed through improved state management\. CVE\-2026\-28922: Arni Hardarson Available for: macOS Tahoe Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: The issue was addressed with improved checks\. CVE\-2026\-28936: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs Available for: macOS Tahoe Impact: Parsing a maliciously crafted file may lead to an unexpected app termination Description: An out\-of\-bounds access issue was addressed with improved bounds checking\. CVE\-2026\-28918: Niels Hofmans, Anonymous working with TrendAI Zero Day Initiative Available for: macOS Tahoe Impact: An app may be able to gain root privileges Description: A parsing issue in the handling of directory paths was addressed with improved path validation\. CVE\-2026\-28915: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs Available for: macOS Tahoe Impact: An app may be able to access sensitive user data Description: A race condition was addressed with additional validation\. CVE\-2026\-43659: Alex Radocea Available for: macOS Tahoe Impact: A malicious app may be able to break out of its sandbox Description: A logging issue was addressed with improved data redaction\. CVE\-2026\-28923: Kun Peeks \(@SwayZGl1tZyyy\) Available for: macOS Tahoe Impact: An app may be able to cause unexpected system termination or write kernel memory Description: A buffer overflow was addressed with improved bounds checking\. CVE\-2026\-28925: Aswin Kumar Gokula Kannan, Dave G\. Available for: macOS Tahoe Impact: Processing a maliciously crafted image may corrupt process memory Description: A buffer overflow issue was addressed with improved memory handling\. CVE\-2026\-43661: an anonymous researcher Available for: macOS Tahoe Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: The issue was addressed with improved bounds checks\. CVE\-2026\-28977: Suresh Sundaram Available for: macOS Tahoe Impact: Processing a maliciously crafted image may corrupt process memory Description: The issue was addressed with improved memory handling\. CVE\-2026\-28990: Jiri Ha, Arni Hardarson Available for: macOS Tahoe Impact: A malicious app may be able to break out of its sandbox Description: A permissions issue was addressed with additional restrictions\. CVE\-2026\-28978: wdszzml and Atuin Automated Vulnerability Discovery Engine Available for: macOS Tahoe Impact: An attacker may be able to cause unexpected app termination Description: A memory corruption vulnerability was addressed with improved locking\. CVE\-2026\-28992: Johnny Franks \(@zeroxjf\) Available for: macOS Tahoe Impact: An app may be able to determine kernel memory layout Description: A logging issue was addressed with improved data redaction\. CVE\-2026\-28943: Google Threat Analysis Group Available for: macOS Tahoe Impact: An app may be able to cause unexpected system termination Description: A use after free issue was addressed with improved memory management\. CVE\-2026\-28969: Mihalis Haatainen, Ari Hawking, Ashish Kunwar Available for: macOS Tahoe Impact: An app may be able to cause unexpected system termination or read kernel memory Description: An out\-of\-bounds read was addressed with improved bounds checking\. CVE\-2026\-43655: Somair Ansar and an anonymous researcher Available for: macOS Tahoe Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling\. CVE\-2026\-43654: Vaagn Vardanian, Nathaniel Oh \(@calysteon\) Available for: macOS Tahoe Impact: An app may be able to modify protected parts of the file system Description: A denial of service issue was addressed by removing the vulnerable code\. CVE\-2026\-28908: beist Available for: macOS Tahoe Impact: A maliciously crafted disk image may bypass Gatekeeper checks Description: A file quarantine bypass was addressed with additional checks\. CVE\-2026\-28954: Yiğit Can YILMAZ \(@yilmazcanyigit\) Available for: macOS Tahoe Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A buffer overflow was addressed with improved input validation\. CVE\-2026\-28897: popku1337, Billy Jheng Bing Jhong and Pan Zhenpeng \(@Peterpan0927\) of STAR Labs SG Pte\. Ltd\., Robert Tran, Aswin kumar Gokulakannan Available for: macOS Tahoe Impact: An app may be able to cause unexpected system termination Description: An integer overflow was addressed with improved input validation\. CVE\-2026\-28952: Calif\.io in collaboration with Claude and Anthropic Research Available for: macOS Tahoe Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management\. CVE\-2026\-28951: Csaba Fitzl \(@theevilbit\) of Iru Available for: macOS Tahoe Impact: An app may be able to cause unexpected system termination or write kernel memory Description: An out\-of\-bounds write issue was addressed with improved input validation\. CVE\-2026\-28972: Billy Jheng Bing Jhong and Pan Zhenpeng \(@Peterpan0927\) of STAR Labs SG Pte\. Ltd\., Ryan Hileman via Xint Code \(xint\.io\) Available for: macOS Tahoe Impact: An app may be able to cause unexpected system termination Description: A race condition was addressed with additional validation\. CVE\-2026\-28986: Chris Betz, Tristan Madani \(@TristanInSec\) from Talence Security, Ryan Hileman via Xint Code \(xint\.io\) Available for: macOS Tahoe Impact: An app may be able to leak sensitive kernel state Description: A logging issue was addressed with improved data redaction\. CVE\-2026\-28987: Dhiyanesh Selvaraj \(@redroot97\) Available for: macOS Tahoe Impact: A remote attacker may be able to cause a denial of service Description: A type confusion issue was addressed with improved checks\. CVE\-2026\-28983: Ruslan Dautov Available for: macOS Tahoe Impact: Replying to an email could display remote images in Mail in Lockdown Mode Description: A logic issue was addressed with improved checks\. CVE\-2026\-28929: Yiğit Can YILMAZ \(@yilmazcanyigit\) Available for: macOS Tahoe Impact: An attacker on the local network may be able to cause a denial\-of\-service Description: The issue was addressed with improved memory handling\. CVE\-2026\-43653: Atul R V Available for: macOS Tahoe Impact: An attacker on the local network may be able to cause a denial\-of\-service Description: A null pointer dereference was addressed with improved input validation\. CVE\-2026\-28985: Omar Cerrito Available for: macOS Tahoe Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A use after free issue was addressed with improved memory management\. CVE\-2026\-43668: Anton Pakhunov, Ricardo Prado Available for: macOS Tahoe Impact: An attacker on the local network may be able to cause a denial\-of\-service Description: An out\-of\-bounds write issue was addressed with improved bounds checking\. CVE\-2026\-43666: Ian van der Wurff \(ian\.nl\) Available for: macOS Tahoe Impact: Processing a maliciously crafted file may lead to a denial\-of\-service or potentially disclose memory contents Description: The issue was addressed with improved checks\. CVE\-2026\-28941: Michael DePlante \(@izobashi\) of TrendAI Zero Day Initiative Available for: macOS Tahoe Impact: Processing a maliciously crafted image may corrupt process memory Description: The issue was addressed with improved memory handling\. CVE\-2026\-28940: Michael DePlante \(@izobashi\) of TrendAI Zero Day Initiative Available for: macOS Tahoe Impact: An attacker with physical access to a locked device may be able to view sensitive user information Description: This issue was addressed with improved checks\. CVE\-2026\-28961: Dan Raviv Available for: macOS Tahoe Impact: An attacker may be able to track users through their IP address Description: This issue was addressed through improved state management\. CVE\-2026\-28906: Ilya Sc\. Jowell A\. Available for: macOS Tahoe Impact: Parsing a maliciously crafted file may lead to an unexpected app termination Description: An out\-of\-bounds write issue was addressed with improved input validation\. CVE\-2026\-43656: Peter Malone Available for: macOS Tahoe Impact: An app may be able to access protected user data Description: A permissions issue was addressed with additional restrictions\. CVE\-2026\-43652: Asaf Cohen Available for: macOS Tahoe Impact: Processing a maliciously crafted image may corrupt process memory Description: The issue was addressed with improved memory handling\. CVE\-2026\-39870: Peter Malone Available for: macOS Tahoe Impact: A remote attacker may be able to cause unexpected app termination Description: A buffer overflow was addressed with improved bounds checking\. CVE\-2026\-28846: Peter Malone Available for: macOS Tahoe Impact: An app may be able to access user\-sensitive data Description: This issue was addressed by adding an additional prompt for user consent\. CVE\-2026\-28993: Doron Assness Available for: macOS Tahoe Impact: A remote attacker may be able to cause unexpected system termination Description: A buffer overflow was addressed with improved bounds checking\. CVE\-2026\-28848: Peter Malone, Dave G\. and Alex Radocea of Supernetworks Available for: macOS Tahoe Impact: An app may be able to access protected user data Description: A permissions issue was addressed with additional restrictions\. CVE\-2026\-28930: Pan ZhenPeng \(@Peterpan0927\) of STAR Labs SG Pte\. Ltd\. Available for: macOS Tahoe Impact: An app may be able to cause a denial\-of\-service Description: This issue was addressed with improved checks to prevent unauthorized actions\. CVE\-2026\-28974: Andy Koo \(@andykoo\) of Hexens Available for: macOS Tahoe Impact: An app may be able to access sensitive user data Description: A race condition was addressed with additional validation\. CVE\-2026\-28996: Alex Radocea Available for: macOS Tahoe Impact: An app may be able to gain root privileges Description: A consistency issue was addressed with improved state handling\. CVE\-2026\-28919: Amy \(amys\.website\) Available for: macOS Tahoe Impact: An app may be able to access Contacts without user consent Description: A race condition was addressed with improved handling of symbolic links\. CVE\-2026\-28924: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs, YingQi Shi \(@Mas0nShi\) of DBAppSecurity's WeBin lab Available for: macOS Tahoe Impact: An app may be able to observe unprotected user data Description: A path handling issue was addressed with improved logic\. CVE\-2026\-39871: an anonymous researcher Available for: macOS Tahoe Impact: An app may be able to gain root privileges Description: An information leakage was addressed with additional validation\. CVE\-2026\-28976: David Ige \- Beryllium Security Available for: macOS Tahoe Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A validation issue was addressed with improved logic\. WebKit Bugzilla: 308906 CVE\-2026\-43660: Cantina Available for: macOS Tahoe Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: The issue was addressed with improved input validation\. WebKit Bugzilla: 308675 CVE\-2026\-28907: Cantina Available for: macOS Tahoe Impact: Processing maliciously crafted web content may disclose sensitive user information Description: This issue was addressed with improved access restrictions\. WebKit Bugzilla: 309698 CVE\-2026\-28962: Luke Francis, Vaagn Vardanian, kwak kiyong / kakaogames, Vitaly Simonovich, Adel Bouachraoui, greenbynox Available for: macOS Tahoe Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: The issue was addressed with improved memory handling\. WebKit Bugzilla: 307669 CVE\-2026\-43658: Do Young Park Available for: macOS Tahoe Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved memory handling\. WebKit Bugzilla: 308545 CVE\-2026\-28905: Yuhao Hu, Yuanming Lai, Chenggang Wu, and Zhe Wang WebKit Bugzilla: 308707 CVE\-2026\-28847: DARKNAVY \(@DarkNavyOrg\), Anonymous working with TrendAI Zero Day Initiative, Daniel Rhea WebKit Bugzilla: 309601 CVE\-2026\-28904: Luka Rački WebKit Bugzilla: 310880 CVE\-2026\-28955: wac and Kookhwan Lee working with TrendAI Zero Day Initiative WebKit Bugzilla: 310303 CVE\-2026\-28903: Mateusz Krzywicki \(iVerify\.io\) WebKit Bugzilla: 309628 CVE\-2026\-28953: Maher Azzouzi WebKit Bugzilla: 309861 CVE\-2026\-28902: Tristan Madani \(@TristanInSec\) from Talence Security, Nathaniel Oh \(@calysteon\) WebKit Bugzilla: 310207 CVE\-2026\-28901: Aisle offensive security research team \(Joshua Rogers, Luigino Camastra, Igor Morgenstern, and Guido Vranken\), Maher Azzouzi, Ngan Nguyen of Calif\.io WebKit Bugzilla: 311631 CVE\-2026\-28913: an anonymous researcher Available for: macOS Tahoe Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A use\-after\-free issue was addressed with improved memory management\. WebKit Bugzilla: 313939 CVE\-2026\-28883: kwak kiyong / kakaogames Available for: macOS Tahoe Impact: An app may be able to access sensitive user data Description: This issue was addressed with improved data protection\. WebKit Bugzilla: 311228 CVE\-2026\-28958: Cantina Available for: macOS Tahoe Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved input validation\. WebKit Bugzilla: 310527 CVE\-2026\-28917: Vitaly Simonovich Available for: macOS Tahoe Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A use\-after\-free issue was addressed with improved memory management\. WebKit Bugzilla: 310234 CVE\-2026\-28947: dr3dd WebKit Bugzilla: 310544 CVE\-2026\-28946: Gia Bui \(@yabeow\) from Calif\.io, dr3dd, w0wbox WebKit Bugzilla: 312180 CVE\-2026\-28942: Milad Nasr and Nicholas Carlini with Claude, Anthropic Available for: macOS Tahoe Impact: A malicious iframe may use another website’s download settings Description: The issue was addressed with improved UI handling\. WebKit Bugzilla: 311288 CVE\-2026\-28971: Khiem Tran Available for: macOS Tahoe Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved memory handling\. WebKit Bugzilla: 311131 CVE\-2026\-28944: Kenneth Hsu of Palo Alto Networks, Jérôme DJOUDER, dr3dd Available for: macOS Tahoe Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out\-of\-bounds write issue was addressed with improved bounds checking\. CVE\-2026\-28819: Wang Yu Available for: macOS Tahoe Impact: An attacker in a privileged network position may be able to perform denial\-of\-service attack using crafted Wi\-Fi packets Description: A use after free issue was addressed with improved memory management\. CVE\-2026\-28994: Alex Radocea Available for: macOS Tahoe Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: A logic issue was addressed with improved file handling\. CVE\-2026\-28914: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs \(nosebeard\.co\) Available for: macOS Tahoe Impact: Visiting a maliciously crafted website may leak sensitive data Description: An information leakage was addressed with additional validation\. CVE\-2026\-28920: Brendon Tiszka of Google Project Zero We would like to acknowledge Mikael Kinnman for their assistance\. We would like to acknowledge Asaf Cohen, Johan Wahyudi for their assistance\. We would like to acknowledge Iván Savransky, Kun Peeks \(@SwayZGl1tZyyy\), YingQi Shi \(@Mas0nShi\) of DBAppSecurity's WeBin lab for their assistance\. We would like to acknowledge Brian Carpenter for their assistance\. We would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance\. We would like to acknowledge Jordan Pittman for their assistance\. We would like to acknowledge Mustafa Calap ​ for their assistance\. We would like to acknowledge an anonymous researcher for their assistance\. We would like to acknowledge Ryan Hileman via Xint Code \(xint\.io\), an anonymous researcher for their assistance\. We would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance\. We would like to acknowledge Chris Staite and David Hardy of Menlo Security Inc for their assistance\. We would like to acknowledge Ilias Morad \(@A2nkF\_\) for their assistance\. We would like to acknowledge Kun Peeks \(@SwayZGl1tZyyy\) for their assistance\. We would like to acknowledge Jason Grove for their assistance\. We would like to acknowledge Jeffery Kimbrow for their assistance\. We would like to acknowledge Asilbek Salimov for their assistance\. We would like to acknowledge Anand Patil for their assistance\. We would like to acknowledge Christopher Mathews for their assistance\. We would like to acknowledge Cem Onat Karagun, Surya Kushwaha for their assistance\. We would like to acknowledge sean mutuku for their assistance\. We would like to acknowledge Robert Mindo for their assistance\. We would like to acknowledge Yoav Magid for their assistance\. We would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance\. We would like to acknowledge Muhammad Zaid Ghifari \(Mr\.ZheeV\), Kalimantan Utara, Qadhafy Muhammad Tera, Vitaly Simonovich for their assistance\. We would like to acknowledge Hyeonji Son \(@jir4vv1t\) of Demon Team for their assistance\. We would like to acknowledge Kun Peeks \(@SwayZGl1tZyyy\) for their assistance\. Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement\. Apple assumes no responsibility with regard to the selection, performance, or use of third\-party websites or products\. Apple makes no representations regarding third\-party website accuracy or reliability\.[Contact the vendor](https://support.apple.com/103190)for additional information\. Published Date:May 11, 2026