Main Vulnerability Database Vulnerabilities #VU124390

#VU124390 Improper access control in macOS - CVE-2026-28867

Published: March 25, 2026

Vulnerability identifier: #VU124390

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-28867

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
macOS

Software vendor:
Apple Inc.

Description

The vulnerability allows a local user to execute arbitrary code in kernel space.

The vulnerability exists due to improper access control in the kernel when handling local application requests. A local user can exploit this to execute arbitrary code in kernel space.

Successful exploitation may allow the attacker to gain full control over the system.

Remediation

Install update from vendor's website.

External links

https://support.apple.com/en-us/126794

#VU124390 Improper access control in macOS - CVE-2026-28867

Description

Remediation

External links

Please verify you're human