Medium severity6.5NVD Advisory· Published May 11, 2026· Updated May 13, 2026
CVE-2026-28918
CVE-2026-28918
Description
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 26.5
Patches
Vulnerability mechanics
References
5- support.apple.com/en-us/127110nvdRelease NotesVendor Advisory
- support.apple.com/en-us/127115nvdRelease NotesVendor Advisory
- support.apple.com/en-us/127118nvdRelease NotesVendor Advisory
- support.apple.com/en-us/127119nvdRelease NotesVendor Advisory
- support.apple.com/en-us/127120nvdRelease NotesVendor Advisory
News mentions
2- ZDI-26-311: Apple macOS CoreSymbolication Out-Of-Bounds Read Information Disclosure VulnerabilityZero Day Initiative · May 12, 2026
- Apple Patches Everything, (Mon, May 11th)SANS Internet Storm Center · May 11, 2026