{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28816", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2026-03-03T16:36:03.967Z", "datePublished": "2026-03-25T00:31:51.848Z", "dateUpdated": "2026-03-25T00:31:51.848Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to delete files for which it does not have permission"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.8.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.7.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission."}], "references": [{"url": "https://support.apple.com/en-us/126794"}, {"url": "https://support.apple.com/en-us/126795"}, {"url": "https://support.apple.com/en-us/126796"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:31:51.848Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission."}], "id": "CVE-2026-28816", "lastModified": "2026-03-25T15:41:58.280", "metrics": {}, "published": "2026-03-25T01:17:06.870", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126794"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126795"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126796"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,14.8.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.7.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "macOS", "source": "cna", "vendor": "Apple"}, "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-25T02:48:04.476875+00:00", "value": {"mitigation_remediation": ["Apply the latest macOS update (Sequoia 15.7.5, Sonoma 14.8.5, or Tahoe 26.4).", "Restore any deleted files from reliable backups and verify their integrity.", "Monitor system logs and file system events for unexpected deletions and review application permissions to limit scope of impact."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized File Deletion"}, "threat_synthesis": {"affected_systems": "The issue affects Apple\u2019s macOS operating system on all releases prior to the availability of macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Users running these older versions are vulnerable, while the vendor\u2019s patches in the specified updates resolve the flaw.", "description_and_impact": "This vulnerability arises from improper validation of file paths within macOS. An application that interacts with the file system may be allowed to delete files for which it has no permission. The result is loss of data and potential alteration of system state, which can compromise the confidentiality, integrity, and availability of user data and system configuration.", "risk_and_exploitability": "The CVSS score is not disclosed, and the EPSS score is unavailable, indicating limited publicly known exploitation data. The vulnerability is not listed in the CISA KEV catalog. Although the exact attack vector is not stated, it is inferred that an application could supply a malicious path locally or with elevated privileges, leading to unauthorized file deletion. The risk is moderate to high if critical files are affected, as the damage could be irreversible without backup restores."}}}}, "created": "2026-03-25T11:36:52.384004+00:00", "title": "Path Handling Issue Allowing Unauthorized File Deletion in macOS", "updated": "2026-03-25T20:56:36.200552+00:00", "vendors": ["apple", "apple$PRODUCT$macos"], "weaknesses": ["CWE-20", "CWE-22"]}