Cyber Posture

CVE-2026-28865

High

Published: 25 March 2026

Modified: 25 March 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0013 (32.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-28865 is a high-severity Improper Authorization (CWE-285) vulnerability in Apple macOS. Its CVSS base score is 7.5 (High).

Operationally, it is ranked at the 32.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Directly mitigates authentication state management flaws by protecting communication session authenticity against interception by privileged network attackers.

Prevent: Ensures timely flaw remediation through patching to vendor-fixed versions, comprehensively addressing this specific authentication vulnerability.

Prevent: Provides cryptographic protection for transmission confidentiality, integrity, and authenticity, limiting the impact of network traffic interception.

MITRE ATT&CK Enterprise Techniques [AI]

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

NVD Description

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position may be able to intercept network traffic.

Deeper analysis [AI]

CVE-2026-28865 is an authentication issue addressed with improved state management, affecting multiple Apple operating systems including iOS and iPadOS versions prior to 18.7.7 and 26.4, macOS Sequoia prior to 15.7.5, macOS Sonoma prior to 14.8.5, macOS Tahoe prior to 26.4, tvOS prior to 26.4, visionOS prior to 26.4, and watchOS prior to 26.4.

An attacker in a privileged network position may be able to intercept network traffic. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating network accessibility with low attack complexity, no privileges or user interaction required, unchanged scope, no impact on confidentiality or integrity, but high impact on availability. It is associated with CWE-285.

Apple has fixed this issue in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. Additional details on mitigations are available in Apple's security advisories at https://support.apple.com/en-us/126792, https://support.apple.com/en-us/126793, https://support.apple.com/en-us/126794, https://support.apple.com/en-us/126795, and https://support.apple.com/en-us/126796.

Details

CWE(s): CWE-285 (Improper Authorization)

Affected Products

apple ipados: ≤ 18.7.7 · 26.0 — 26.4
apple iphone os: ≤ 18.7.7 · 26.0 — 26.4
apple macos: 14.0 — 14.8.5 · 15.0 — 15.7.5 · 26.0 — 26.4
apple tvos: ≤ 26.4
apple visionos: ≤ 26.4
apple watchos: ≤ 26.4

CVEs Like This One

CVE-2025-31255 (Same product: Apple iPadOS)
CVE-2024-54499 (Same product: Apple iPadOS)
CVE-2025-43510 (Same product: Apple iPadOS)
CVE-2025-24137 (Same product: Apple iPadOS)
CVE-2025-24126 (Same product: Apple iPadOS)
CVE-2025-43347 (Same product: Apple iPadOS)
CVE-2025-24159 (Same product: Apple iPadOS)
CVE-2026-20650 (Same product: Apple iPadOS)
CVE-2026-20700 (Same product: Apple iPadOS)
CVE-2026-20641 (Same product: Apple iPadOS)
