#VU124395 Path traversal in macOS - CVE-2026-28816

 


Published: March 25, 2026


Vulnerability identifier: #VU124395
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-28816
CWE-ID: CWE-22
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: macOS
Software vendor: Apple Inc.

Description

The vulnerability allows a local user to execute arbitrary code or escalate privileges.

The vulnerability exists due to improper input validation in the Notes component when opening a specially crafted file. A local user can open a malicious file to trigger the vulnerability and execute arbitrary code or escalate privileges.

Successful exploitation may allow the attacker to execute code in the context of the current user or gain elevated privileges if the Notes application runs with higher privileges.


Remediation

Install the update from the vendor's website.

External links