CVE-2026-28952
Published: 11 May 2026
Summary
CVE-2026-28952 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Apple macOS. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 5.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-29257
Vulnerability details
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
An integer overflow in input validation allows a local app to trigger a system crash or termination (endpoint DoS via exploitation).
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.