CVE-2026-28845: Use After Free

Q: What is the severity of CVE-2026-28845?

CVE-2026-28845 has a medium severity rating of 5.5 according to the CVSS 3.1.

Q: What types of vulnerabilities are associated with CVE-2026-28845?

CVE-2026-28845 is associated with vulnerabilities such as Use After Free, Input Validation, Null Pointer Dereference, Race Condition, and Buffer Overflow.

Q: How do I fix CVE-2026-28845?

To fix CVE-2026-28845, users should apply the latest security updates provided by Apple for macOS Tahoe.

Q: What software is affected by CVE-2026-28845?

CVE-2026-28845 affects Apple macOS Tahoe and other versions of macOS.

Q: When was CVE-2026-28845 published?

CVE-2026-28845 was published on March 24, 2026.

Published Mar 24, 2026

Updated

802.1X. An authentication issue was addressed with improved state management.

Other sources

Accounts. An authorization issue was addressed with improved state management.

— Apple

Admin Framework. A path handling issue was addressed with improved validation.

— Apple

An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access protected user data.

— NVD

apache. This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

— Apple

AppleMobileFileIntegrity. A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.

— Apple

Credit

Héloïse Gollier, Mathy Vanhoef (KU Leuven), Rosyna Keller(Totally Not Malicious Software), Ryan Dowd@@_rdowd, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, Mickey Jin@@patch1t, an anonymous researcher, Koh M. Nakagawa@@tsunek0h(FFRI Security Inc), Talal Haj Bakry(Mysk Inc), Tommy Mysk@@mysk_co(Mysk Inc), Zhongquan Li@@Guluisacat, Justin Cohen(Google), Jex Amro, Cristian Dinca (icmd.tech), Hossein Lotfi@@hosselot(TrendAI Zero Day Initiative), YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Etienne Charron (Renault), Victoria Martini (Renault), Zhongcheng Li(IES Red Team), Andreas Jaegersberger & Ro Achterberg(Nosebeard Labs), Asaf Cohen, CVE-2025-14524, 风沐云烟@@binary_fmyy, Minghao Lin@@Y1nKoc, DARKNAVY@@DarkNavyOrg, XiguaSec, Ye Zhang(Baidu Security), Ryan Dowd@@_rdowd(Iru), Csaba Fitzl@@theevilbit(Iru), CVE-2025-64505, Joseph Ravichandran@@0xjprx(MIT CSAIL), Gor Aleksanyan(BoB 0xB6), Dhiyanesh Selvaraj@@redroot97(BoB 0xB6), 이동하 (Lee Dong Ha(BoB 0xB6), Jian Lee@@speedyfriend433, hari shanmugam, Johnny Franks@@zeroxjf, Yuebin Sun@@yuebinsun2020(SecuRing), an anonymous researcher(SecuRing), Nathaniel Oh@@calysteon(SecuRing), Kirin@@Pwnrin(SecuRing), Wojciech Regula(SecuRing), Joshua Jewett@@JoshJewett33, Ilya Andr (andrd3v)(Voynich Group), Ilias Morad (A2nkF)(Voynich Group), Duy Trần@@khanhduytran0, @@hugeBlack, Himanshu Bharti@@Xpl0itme(Khatima), Rodolphe Brunetti@@eisw0lf(Lupus Nova), Matej Moravec@@MacejkoMoravec, Dawuge(Shuffle Team), Hunan University, Gergely Kalman@@gergely_kalman, Andrei Dodu, Morris Richman@@morrisinlife, Kun Peeks@@SwayZGl1tZyyy, Gyujeong Jin at Team.0xb6@@G1uN4sh, wdszzml, Atuin Automated Vulnerability Discovery Engine, Alex Radocea, Christian Kohlschütter, Sreejith Krishnan R, Dave G., @@pixiepointsec, Luke Roberts@@rookuu, Pedro Tôrres@@t0rr3sp3dr0, Caspian Tarafdar, Andrew Becker, webb, Thomas Espach, @@hamayanhamayan, Yeonghyeon Choi, Daniel Rhea, Söhnke Benedikt Fischedick (Tripton), Emrovsky & Switch3301, Yevhen Pervushyn, Minse Kim, Narcis Oliveras Fontàs, Nathaniel Oh@@calysteon, Hongze Wu(Ant Group Infrastructure Security Team), Shuaike Dong(Ant Group Infrastructure Security Team), greenbynox, Arni Hardarson, Gongyu Ma@@Mezone0

Affected Software

2 affected componentsFixes available

Apple macOS Tahoe<26.4

26.4

Apple macOS>=26.0<26.4

Event History

Mar 24, 2026

Data Sourced

via Apple·12:00 AM

DescriptionWeaknessAffected Software

Updated

via Apple·12:00 AM

DescriptionWeakness

Mar 25, 2026

CVE Published

via MITRE·12:32 AM

Data Sourced

via MITRE·12:32 AM

DescriptionWeakness

Data Sourced

via NVD·01:17 AM

DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

APPLE-126794

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2026-28865
CVE-2026-28877
CVE-2026-28823
CVE-2025-55753
CVE-2025-58098
CVE-2025-59775
CVE-2025-65082
CVE-2025-66200
CVE-2026-28824
CVE-2026-20696
CVE-2026-20699
CVE-2026-20684
CVE-2026-20633
CVE-2026-28910
CVE-2026-28879
CVE-2026-28822
CVE-2026-28894
CVE-2026-28866
CVE-2026-20690
CVE-2026-28821
CVE-2026-28838
CVE-2026-28886
CVE-2026-28878
CVE-2026-28888
CVE-2026-28893
CVE-2025-14524
CVE-2026-28876
CVE-2026-28892
CVE-2026-28832
CVE-2026-28870
CVE-2026-28834
CVE-2026-28881
CVE-2026-28880
CVE-2026-28833
CVE-2025-64505
CVE-2026-28842
CVE-2026-28841
CVE-2026-28868
CVE-2026-28867
CVE-2026-20698
CVE-2026-20695
CVE-2026-20687
CVE-2026-28845
CVE-2026-28882
CVE-2026-20607
CVE-2026-20692
CVE-2026-20694
CVE-2026-20632
CVE-2026-28839
CVE-2026-20701
CVE-2026-28891
CVE-2026-28827
CVE-2026-28816
CVE-2026-28826
CVE-2026-20631
CVE-2026-20693
CVE-2026-28840
CVE-2026-28862
CVE-2026-28831
CVE-2026-28817
CVE-2026-20688
CVE-2026-28864
CVE-2026-28830
CVE-2026-28860
CVE-2026-28835
CVE-2026-28825
CVE-2026-28818
CVE-2026-20697
CVE-2026-28820
CVE-2026-28837
CVE-2026-28844
CVE-2026-28828
CVE-2026-28852
CVE-2026-20657
CVE-2026-28829
CVE-2026-20665
CVE-2026-20643
CVE-2026-28871
CVE-2026-20664
CVE-2026-28857
CVE-2026-28861
CVE-2026-28859
CVE-2026-20691

Frequently Asked Questions

What is the severity of CVE-2026-28845?

CVE-2026-28845 has a medium severity rating of 5.5 according to the CVSS 3.1.

What types of vulnerabilities are associated with CVE-2026-28845?

CVE-2026-28845 is associated with vulnerabilities such as Use After Free, Input Validation, Null Pointer Dereference, Race Condition, and Buffer Overflow.

How do I fix CVE-2026-28845?

To fix CVE-2026-28845, users should apply the latest security updates provided by Apple for macOS Tahoe.

What software is affected by CVE-2026-28845?

CVE-2026-28845 affects Apple macOS Tahoe and other versions of macOS.

When was CVE-2026-28845 published?

CVE-2026-28845 was published on March 24, 2026.

CVE-2026-28845: Use After Free

Other sources

Credit

Affected Software

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2026-28845?

What types of vulnerabilities are associated with CVE-2026-28845?

How do I fix CVE-2026-28845?

What software is affected by CVE-2026-28845?

When was CVE-2026-28845 published?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2026-28845?

What types of vulnerabilities are associated with CVE-2026-28845?

How do I fix CVE-2026-28845?

What software is affected by CVE-2026-28845?

When was CVE-2026-28845 published?