CVE-2026-28835

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. Mounting a maliciously crafted SMB network share may lead to system termination.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/126794	Release Notes Vendor Advisory
https://support.apple.com/en-us/126795	Release Notes Vendor Advisory
https://support.apple.com/en-us/126796	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

History

No history.

Information

Published : 2026-03-25 01:17

Updated : 2026-03-25 21:30

NVD link : CVE-2026-28835

Mitre link : CVE-2026-28835

CVE.ORG link : CVE-2026-28835

JSON object : View

Products Affected

apple

macos

CWE

CWE-416

Use After Free

{"id": "CVE-2026-28835", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-03-25T01:17:08.587", "references": [{"url": "https://support.apple.com/en-us/126794", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/126795", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/126796", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. Mounting a maliciously crafted SMB network share may lead to system termination."}, {"lang": "es", "value": "Un problema de uso despu\u00e9s de liberaci\u00f3n se abord\u00f3 con una gesti\u00f3n de memoria mejorada. Este problema est\u00e1 solucionado en macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. El montaje de una compartici\u00f3n de red SMB dise\u00f1ada maliciosamente puede provocar la terminaci\u00f3n del sistema."}], "lastModified": "2026-03-25T21:30:50.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D66288AF-23BD-407A-81F5-F1DFBF84C622", "versionEndExcluding": "14.8.5", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD21D2C9-BBEC-4E8E-B8D2-C92B7E6155E1", "versionEndExcluding": "15.7.5", "versionStartIncluding": "15.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CF848CD-25D4-4371-BEF3-1ACCE47AD81F", "versionEndExcluding": "26.4", "versionStartIncluding": "26.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}