Cyber Resilience

CVE-2026-28821

High

Published: 25 March 2026

Published
25 March 2026
Modified
26 March 2026
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0021 11.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-28821 is a high-severity Improper Input Validation (CWE-20) vulnerability in Apple Macos. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 11.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-28821 is a validation issue in the entitlement verification process within macOS. The vulnerability, classified under CWE-20 (Improper Input Validation) with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), affects macOS versions prior to the patched releases. It was addressed by Apple with improved validation of process entitlements and is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Published on 2026-03-25, the flaw enables an app to gain elevated privileges.

A local attacker can exploit this vulnerability with low complexity, requiring no privileges or user interaction. By executing a malicious app on the target system, the attacker can bypass entitlement checks, achieving high impacts across confidentiality, integrity, and availability. This elevation of privileges could allow further compromise of the system.

Apple's security advisories detail the mitigation through the specified patched macOS versions, emphasizing improved process entitlement validation. Relevant updates are documented at https://support.apple.com/en-us/126794, https://support.apple.com/en-us/126795, and https://support.apple.com/en-us/126796. Security practitioners should prioritize updating affected systems to prevent local privilege escalation.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain…

more

elevated privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a local privilege escalation vulnerability on macOS via improper input validation in entitlement checks, allowing a malicious app to bypass security controls and obtain elevated privileges without user interaction or prior access. This directly enables the Exploitation for Privilege Escalation technique.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24255Same product: Apple Macos
CVE-2026-28976Same product: Apple Macos
CVE-2025-24231Same product: Apple Macos
CVE-2024-44305Same product: Apple Macos
CVE-2025-43261Same product: Apple Macos
CVE-2025-24277Same product: Apple Macos
CVE-2025-43253Same product: Apple Macos
CVE-2026-28925Same product: Apple Macos
CVE-2025-43199Same product: Apple Macos
CVE-2025-30452Same product: Apple Macos

Affected Assets

apple
macos
14.0 — 14.8.5 · 15.0 — 15.7.5 · 26.0 — 26.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the improper input validation (CWE-20) in entitlement verification that allows privilege escalation.

prevent

Enforces access control policies to validate and restrict process entitlements, preventing unauthorized elevation of privileges.

prevent

Implements least privilege to limit app access to only necessary entitlements, mitigating escalation from validation bypass.

References