CVE-2026-28863

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/126792	Vendor Advisory
https://support.apple.com/en-us/126797	Vendor Advisory
https://support.apple.com/en-us/126798	Vendor Advisory
https://support.apple.com/en-us/126799	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

No history.

Information

Published : 2026-03-25 01:17

Updated : 2026-03-26 20:12

NVD link : CVE-2026-28863

Mitre link : CVE-2026-28863

CVE.ORG link : CVE-2026-28863

JSON object : View

Products Affected

apple

watchos
ipados
visionos
iphone_os
tvos

CWE

NVD-CWE-noinfo

{"id": "CVE-2026-28863", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-03-25T01:17:10.347", "references": [{"url": "https://support.apple.com/en-us/126792", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/126797", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/126798", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/126799", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user."}, {"lang": "es", "value": "Se abord\u00f3 un problema de permisos con restricciones adicionales. Este problema est\u00e1 solucionado en iOS 26.4 y iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Una aplicaci\u00f3n podr\u00eda tomar la huella digital del usuario."}], "lastModified": "2026-03-26T20:12:35.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F813DB63-2B55-4E0B-9073-5465C65F69D6", "versionEndExcluding": "26.4"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01612D13-BE5B-43F8-B53E-5BF57F2A5B0C", "versionEndExcluding": "26.4"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A906E2B7-B83B-4AD0-B00F-BEDEF2EDB844", "versionEndExcluding": "26.4"}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "113B9705-BFF0-4357-B1AB-F57052F32361", "versionEndExcluding": "26.4"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6EAF0A5-7CFF-4EF6-9BC7-DB25B213F753", "versionEndExcluding": "26.4"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}