VYPR
Medium severity5.5NVD Advisory· Published Mar 25, 2026· Updated May 11, 2026

CVE-2026-28877

CVE-2026-28877

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • Apple Inc./Ipados2 versions
    cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*range: <26.4
    • (no CPE)range: fixed in 18.7.9 and 26.4 (depending on branch)
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <26.4
  • Apple Inc./macOS2 versions
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: >=15.0,<15.7.5
    • (no CPE)range: 0
  • cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*range: <26.4
    • (no CPE)range: 0
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <26.4
    • (no CPE)range: 0
  • Range: fixed in 18.7.9 and 26.4 (depending on branch)
  • Range: fixed in 15.7.5
  • Range: 0

Patches

Vulnerability mechanics

References

7

News mentions

1