CVE-2026-28845 is an authorization vulnerability identified in Apple macOS, specifically addressed in the macOS Tahoe 26.4 update. The root cause is an authorization issue related to insufficient or improper state management, which allows an application to bypass intended access controls and gain access to protected user data. This vulnerability is classified under CWE-285 (Improper Authorization). The CVSS v3.1 base score is 5.5, reflecting a medium severity level. The attack vector is local (AV:L), requiring the attacker to have local access to the system. The attack complexity is low (AC:L), meaning exploitation does not require specialized conditions. No privileges are required (PR:N), but user interaction is necessary (UI:R), such as running a malicious app or clicking a prompt. The scope is unchanged (S:U), indicating the vulnerability affects resources within the same security scope. The impact is high on confidentiality (C:H), but there is no impact on integrity (I:N) or availability (A:N). This means sensitive user data could be exposed without modification or disruption of system operations. No public exploit code or active exploitation has been reported to date. The vulnerability affects macOS systems prior to the 26.4 update, and Apple has addressed the issue by improving state management in authorization checks to prevent unauthorized data access.

The primary impact of CVE-2026-28845 is the unauthorized disclosure of protected user data on affected macOS systems. This can lead to privacy violations, leakage of sensitive personal or corporate information, and potential compliance issues for organizations handling regulated data. Since the vulnerability requires local access and user interaction, the risk is somewhat mitigated but remains significant in environments where users might run untrusted applications or be subject to social engineering attacks. Attackers could leverage this flaw to escalate their access to sensitive data without needing elevated privileges, increasing the risk of insider threats or malware exploiting this vulnerability post-compromise. The lack of impact on integrity and availability limits the threat to data confidentiality only. Organizations relying heavily on macOS devices for sensitive operations or data storage are at risk of data exposure if not patched promptly.

To mitigate CVE-2026-28845, organizations should prioritize updating all macOS devices to version Tahoe 26.4 or later, where the vulnerability is fixed. Beyond patching, implement strict application control policies to restrict the execution of untrusted or unsigned applications, reducing the risk of malicious apps exploiting this flaw. Employ endpoint detection and response (EDR) solutions capable of monitoring for suspicious local activity and unauthorized access attempts to protected data. Educate users about the risks of running unknown applications and the importance of cautious interaction with prompts or requests for permissions. Regularly audit local user permissions and remove unnecessary access rights to minimize the attack surface. Additionally, consider deploying macOS security features such as System Integrity Protection (SIP) and privacy protections to further limit unauthorized data access. Maintain up-to-date backups and monitor security advisories for any emerging exploit developments related to this vulnerability.