CVE-2026-28821
Published: 25 March 2026
Summary
CVE-2026-28821 is a high-severity Improper Input Validation (CWE-20) vulnerability in Apple Macos. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 8.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the improper input validation (CWE-20) in entitlement verification that allows privilege escalation.
Enforces access control policies to validate and restrict process entitlements, preventing unauthorized elevation of privileges.
Implements least privilege to limit app access to only necessary entitlements, mitigating escalation from validation bypass.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a local privilege escalation vulnerability on macOS via improper input validation in entitlement checks, allowing a malicious app to bypass security controls and obtain elevated privileges without user interaction or prior access. This directly enables the Exploitation for Privilege Escalation technique.
NVD Description
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain…
more
elevated privileges.
Deeper analysisAI
CVE-2026-28821 is a validation issue in the entitlement verification process within macOS. The vulnerability, classified under CWE-20 (Improper Input Validation) with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), affects macOS versions prior to the patched releases. It was addressed by Apple with improved validation of process entitlements and is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Published on 2026-03-25, the flaw enables an app to gain elevated privileges.
A local attacker can exploit this vulnerability with low complexity, requiring no privileges or user interaction. By executing a malicious app on the target system, the attacker can bypass entitlement checks, achieving high impacts across confidentiality, integrity, and availability. This elevation of privileges could allow further compromise of the system.
Apple's security advisories detail the mitigation through the specified patched macOS versions, emphasizing improved process entitlement validation. Relevant updates are documented at https://support.apple.com/en-us/126794, https://support.apple.com/en-us/126795, and https://support.apple.com/en-us/126796. Security practitioners should prioritize updating affected systems to prevent local privilege escalation.
Details
- CWE(s)