Medium severity6.5NVD Advisory· Published Mar 25, 2026· Updated May 10, 2026

CVE-2026-28863

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <26.4
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <26.4
Apple Inc./tvOS2 versions
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <26.4
- (no CPE)range: 0
Apple Inc./Visionos2 versions
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*range: <26.4
- (no CPE)range: 0
Apple Inc./watchOS2 versions
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <26.4
- (no CPE)range: 0
Apple/iOS and iPadOSv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/126792nvdVendor Advisory
support.apple.com/en-us/126797nvdVendor Advisory
support.apple.com/en-us/126798nvdVendor Advisory
support.apple.com/en-us/126799nvdVendor Advisory

News mentions

visionOS 26.5 RC (23O471)
Apple Security Releases · May 4, 2026
watchOS 26.5 RC (23T570)
Apple Security Releases · May 4, 2026
watchOS 26.5 beta 4 (23T5568a)
Apple Security Releases · Apr 27, 2026
visionOS 26.5 beta 4 (23O5468a)
Apple Security Releases · Apr 27, 2026
watchOS 26.4 (23T240)
Apple Security Releases · Mar 24, 2026
visionOS 26.4 (23O247)
Apple Security Releases · Mar 24, 2026

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000