{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28827", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2026-03-03T16:36:03.968Z", "datePublished": "2026-03-25T00:31:49.295Z", "dateUpdated": "2026-03-25T00:31:49.295Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to break out of its sandbox"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.8.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.7.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox."}], "references": [{"url": "https://support.apple.com/en-us/126794"}, {"url": "https://support.apple.com/en-us/126795"}, {"url": "https://support.apple.com/en-us/126796"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:31:49.295Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox."}], "id": "CVE-2026-28827", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T01:17:07.890", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126794"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126795"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126796"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,14.8.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.7.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "macOS", "source": "cna", "vendor": "Apple"}, "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-25T02:49:11.887591+00:00", "value": {"mitigation_remediation": ["Update macOS to the latest version (Sequoia\u202f15.7.5, Sonoma\u202f14.8.5, or Tahoe\u202f26.4) on all affected devices.", "Verify the update by checking the system version information in System Settings.", "If an update is not immediately possible, limit execution of unknown or unsigned applications and monitor for suspicious sandbox escapes. No vendor workaround is published, so applying the patch remains the sole remediation."], "summary": {"action": "Apply Patch", "impact": "Sandbox Escape"}, "threat_synthesis": {"affected_systems": "Apple macOS is affected. The flaw is present in versions prior to macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Devices running any earlier release of these macOS series are vulnerable.", "description_and_impact": "A parsing issue in the handling of directory paths in macOS allowed an application to break out of its sandbox. The vulnerability arises from improper validation of path components, enabling the execution of commands or access to files outside the sanctioned sandbox environment. This flaw effectively turns a confined application into a privileged process, compromising confidentiality, integrity, and availability of the underlying system.", "risk_and_exploitability": "The CVSS score is not publicly disclosed, and the EPSS value is unavailable, indicating the exploitation likelihood is currently unknown. Because the flaw permits escape from an application sandbox, a successful exploit could grant the attacker full system access, making the risk severe. No public exploits have been reported, and the vulnerability is not listed in the CISA KEV catalog, but the lack of mitigation could leave users vulnerable. The likely attack vector is a compromised or malicious application that may be able to craft directory paths; local execution or elevated privileges on the device enable the exploit."}}}}, "created": "2026-03-25T11:36:55.186830+00:00", "title": "Sandbox Escape Vulnerability in macOS Directory Path Parsing", "updated": "2026-03-25T20:56:39.611499+00:00", "vendors": ["apple", "apple$PRODUCT$macos"], "weaknesses": ["CWE-22", "CWE-20"]}