CVE-2026-28914: A maliciously crafted ZIP archive may bypass Gatekeeper checks in Apple macOS
CVE-2026-28914 is a vulnerability in Apple macOS where a logic issue in file handling allows a maliciously crafted ZIP archive to bypass Gatekeeper checks. This issue has been addressed and fixed in macOS Tahoe 26. 5. Gatekeeper is a security feature designed to ensure that only trusted software runs on macOS. The vulnerability could potentially allow untrusted code to execute by circumventing these checks. There is no CVSS score available for this vulnerability, and no known exploits in the wild have been reported. Patch status is not explicitly confirmed beyond the mention of a fix in macOS Tahoe 26. 5. No geographic targeting is indicated.
AI Analysis
Technical Summary
This vulnerability involves a logic flaw in macOS's handling of ZIP archives that enables a specially crafted archive to bypass Gatekeeper security checks. Gatekeeper is intended to prevent execution of untrusted software by verifying app signatures and source. The issue was resolved by improved file handling in macOS Tahoe 26.5, which mitigates the bypass. No CVSS score or detailed technical exploitation information is provided. No vendor advisory or patch link is included, but the description states the fix is in macOS Tahoe 26.5.
Potential Impact
If exploited, this vulnerability could allow an attacker to bypass Gatekeeper protections, potentially enabling execution of untrusted or malicious code on affected macOS systems. This undermines a key macOS security control designed to prevent unauthorized software execution. However, no known exploits in the wild have been reported, and the fix is available in macOS Tahoe 26.5.
Mitigation Recommendations
Apply the official fix by upgrading to macOS Tahoe 26.5 or later, where the issue is addressed with improved file handling. Since this is an operating system vulnerability, updating to the fixed version is the recommended remediation. Patch status beyond this is not explicitly confirmed; users should verify with Apple’s official advisories for the latest update information.
CVE-2026-28914: A maliciously crafted ZIP archive may bypass Gatekeeper checks in Apple macOS
Description
CVE-2026-28914 is a vulnerability in Apple macOS where a logic issue in file handling allows a maliciously crafted ZIP archive to bypass Gatekeeper checks. This issue has been addressed and fixed in macOS Tahoe 26. 5. Gatekeeper is a security feature designed to ensure that only trusted software runs on macOS. The vulnerability could potentially allow untrusted code to execute by circumventing these checks. There is no CVSS score available for this vulnerability, and no known exploits in the wild have been reported. Patch status is not explicitly confirmed beyond the mention of a fix in macOS Tahoe 26. 5. No geographic targeting is indicated.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a logic flaw in macOS's handling of ZIP archives that enables a specially crafted archive to bypass Gatekeeper security checks. Gatekeeper is intended to prevent execution of untrusted software by verifying app signatures and source. The issue was resolved by improved file handling in macOS Tahoe 26.5, which mitigates the bypass. No CVSS score or detailed technical exploitation information is provided. No vendor advisory or patch link is included, but the description states the fix is in macOS Tahoe 26.5.
Potential Impact
If exploited, this vulnerability could allow an attacker to bypass Gatekeeper protections, potentially enabling execution of untrusted or malicious code on affected macOS systems. This undermines a key macOS security control designed to prevent unauthorized software execution. However, no known exploits in the wild have been reported, and the fix is available in macOS Tahoe 26.5.
Mitigation Recommendations
Apply the official fix by upgrading to macOS Tahoe 26.5 or later, where the issue is addressed with improved file handling. Since this is an operating system vulnerability, updating to the fixed version is the recommended remediation. Patch status beyond this is not explicitly confirmed; users should verify with Apple’s official advisories for the latest update information.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2026-03-03T16:36:03.985Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a028752cbff5d86108b583f
Added to database: 5/12/2026, 1:50:10 AM
Last enriched: 5/12/2026, 1:58:22 AM
Last updated: 5/12/2026, 3:48:12 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.