Cyber Resilience

CVE-2026-28865

High

Published: 25 March 2026

Modified: 25 March 2026
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0014 (34.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-28865 is a high-severity Improper Authorization (CWE-285) vulnerability in Apple macOS. Its CVSS base score is 7.5 (High).

Operationally, it is ranked at the 34.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-28865 is an authentication issue addressed with improved state management, affecting multiple Apple operating systems including iOS and iPadOS versions prior to 18.7.7 and 26.4, macOS Sequoia prior to 15.7.5, macOS Sonoma prior to 14.8.5, macOS Tahoe prior to 26.4, tvOS prior to 26.4, visionOS prior to 26.4, and watchOS prior to 26.4.

An attacker in a privileged network position may be able to intercept network traffic. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating network accessibility with low attack complexity, no privileges or user interaction required, unchanged scope, no impact on confidentiality or integrity, but high impact on availability. It is associated with CWE-285.

Apple has fixed this issue in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. Additional details on mitigations are available in Apple's security advisories at https://support.apple.com/en-us/126792, https://support.apple.com/en-us/126793, https://support.apple.com/en-us/126794, https://support.apple.com/en-us/126795, and https://support.apple.com/en-us/126796.

Vulnerability details

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position may be able to intercept network traffic.

CWE(s)

CWE-285 (Improper Authorization)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-31255 · Same product: Apple iPadOS
CVE-2026-20611 · Same product: Apple iPadOS
CVE-2026-20650 · Same product: Apple iPadOS
CVE-2026-28860 · Same product: Apple iPadOS
CVE-2025-24129 · Same product: Apple iPadOS
CVE-2026-43660 · Same product: Apple iPadOS
CVE-2026-20698 · Same product: Apple iPadOS
CVE-2026-28947 · Same product: Apple iPadOS
CVE-2026-28959 · Same product: Apple iPadOS
CVE-2026-28955 · Same product: Apple iPadOS

Affected Assets

apple ipados: ≤ 18.7.7 · 26.0 — 26.4
apple iphone os: ≤ 18.7.7 · 26.0 — 26.4
apple macos: 14.0 — 14.8.5 · 15.0 — 15.7.5 · 26.0 — 26.4
apple tvos: ≤ 26.4
apple visionos: ≤ 26.4
apple watchos: ≤ 26.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly mitigates authentication state management flaws by protecting communication session authenticity against interception by privileged network attackers.

Prevent: Ensures timely flaw remediation through patching to vendor-fixed versions, comprehensively addressing this specific authentication vulnerability.

Prevent: Provides cryptographic protection for transmission confidentiality, integrity, and authenticity, limiting the impact of network traffic interception.
