Cyber Posture

CVE-2026-28858

Critical

Published: 25 March 2026

Modified: 26 March 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0015 (34.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-28858 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Apple iPadOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 34.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques.

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Implements bounds checking and input validation to directly prevent buffer overflows like CVE-2026-28858 in the kernel.

prevent

Provides memory protection mechanisms that mitigate kernel memory corruption and unauthorized execution from buffer overflow exploits.

prevent

Ensures timely identification, reporting, and patching of flaws such as CVE-2026-28858 to remediate the vulnerability.

MITRE ATT&CK Enterprise Techniques

T1190: Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068: Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1499.004: Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A remote, unauthenticated kernel buffer overflow enables exploitation of a public-facing system component (T1190), potential kernel RCE or privilege escalation (T1068), and a denial of service through system termination (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

Deeper analysis

CVE-2026-28858 is a buffer overflow vulnerability (CWE-120) addressed through improved bounds checking in the kernel of iOS and iPadOS. It affects versions of iOS and iPadOS prior to 26.4, where insufficient bounds validation allows memory corruption. The issue was publicly disclosed on March 25, 2026, and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high confidentiality, integrity, and availability impacts.

A remote attacker requires no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation could enable the attacker to cause unexpected system termination, effectively resulting in a denial-of-service condition, or corrupt kernel memory, potentially leading to arbitrary code execution or further privilege escalation within the kernel context.

Apple's security advisory at https://support.apple.com/en-us/126792 confirms the vulnerability was remediated in iOS 26.4 and iPadOS 26.4 via enhanced bounds checking. Security practitioners should prioritize updating affected devices to these versions to mitigate the risk.

Details

CWE(s)

Affected Products

Vendor: apple · Product: ipados · Version: ≤ 26.4
Vendor: apple · Product: iphone os · Version: ≤ 26.4

CVEs Like This One

CVE-2026-28875 (same product: Apple iPadOS)
CVE-2024-44238 (same product: Apple iPadOS)
CVE-2026-28874 (same product: Apple iPadOS)
CVE-2025-24237 (same product: Apple iPadOS)
CVE-2025-31229 (same product: Apple iPadOS)
CVE-2024-44136 (same product: Apple iPadOS)
CVE-2025-24200 (same product: Apple iPadOS)
CVE-2024-44276 (same product: Apple iPadOS)
CVE-2026-28965 (same product: Apple iPadOS)
CVE-2026-28872 (same product: Apple iPadOS)
