CVE-2026-28963
Summary
| CVE | CVE-2026-28963 |
|---|---|
| State | PUBLISHED |
| Assigner | apple |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-11 21:18:57 UTC |
| Updated | 2026-05-12 19:16:29 UTC |
| Description | A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring. |
Risk And Classification
Primary CVSS: v3.1 4.6 MEDIUM from ADP
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Problem Types: CWE-359 | An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring | CWE-359 CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
PhysicalAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Apple | IOS And IPadOS | affected 26.5 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.apple.com/en-us/127110 | [email protected] | support.apple.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.