{"api_version":"1","generated_at":"2026-05-12T23:15:52+00:00","cve":"CVE-2026-28974","urls":{"html":"https://cve.report/CVE-2026-28974","api":"https://cve.report/api/cve/CVE-2026-28974.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-28974","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-28974"},"summary":{"title":"CVE-2026-28974","description":"This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service.","state":"PUBLISHED","assigner":"apple","published_at":"2026-05-11 21:18:58","updated_at":"2026-05-12 18:46:27"},"problem_types":["CWE-284","An app may be able to cause a denial-of-service","CWE-284 CWE-284 Improper Access Control"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://support.apple.com/en-us/127118","name":"https://support.apple.com/en-us/127118","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/127115","name":"https://support.apple.com/en-us/127115","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/127120","name":"https://support.apple.com/en-us/127120","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/127116","name":"https://support.apple.com/en-us/127116","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/127119","name":"https://support.apple.com/en-us/127119","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/127110","name":"https://support.apple.com/en-us/127110","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-28974","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28974","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apple","product":"iOS and iPadOS","version":"affected 26.5 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 15.7.7 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 26.5 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"tvOS","version":"affected 26.5 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"visionOS","version":"affected 26.5 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"watchOS","version":"affected 26.5 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"28974","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28974","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28974","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-28974","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-12T13:21:39.486075Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T13:21:46.371Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"iOS and iPadOS","vendor":"Apple","versions":[{"lessThan":"26.5","status":"affected","version":"0","versionType":"custom"}]},{"product":"macOS","vendor":"Apple","versions":[{"lessThan":"15.7.7","status":"affected","version":"0","versionType":"custom"},{"lessThan":"26.5","status":"affected","version":"0","versionType":"custom"}]},{"product":"tvOS","vendor":"Apple","versions":[{"lessThan":"26.5","status":"affected","version":"0","versionType":"custom"}]},{"product":"visionOS","vendor":"Apple","versions":[{"lessThan":"26.5","status":"affected","version":"0","versionType":"custom"}]},{"product":"watchOS","vendor":"Apple","versions":[{"lessThan":"26.5","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service."}],"problemTypes":[{"descriptions":[{"description":"An app may be able to cause a denial-of-service","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-05-11T20:07:47.446Z","orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple"},"references":[{"url":"https://support.apple.com/en-us/127110"},{"url":"https://support.apple.com/en-us/127115"},{"url":"https://support.apple.com/en-us/127116"},{"url":"https://support.apple.com/en-us/127118"},{"url":"https://support.apple.com/en-us/127119"},{"url":"https://support.apple.com/en-us/127120"}]}},"cveMetadata":{"assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","assignerShortName":"apple","cveId":"CVE-2026-28974","datePublished":"2026-05-11T20:07:47.446Z","dateReserved":"2026-03-03T16:36:03.992Z","dateUpdated":"2026-05-12T13:21:46.371Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-11 21:18:58","lastModifiedDate":"2026-05-12 18:46:27","problem_types":["CWE-284","An app may be able to cause a denial-of-service","CWE-284 CWE-284 Improper Access Control"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"26.5","matchCriteriaId":"9D9FC2C4-7A7C-4330-A226-255428A5D18E"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"26.5","matchCriteriaId":"0A70A5FD-8891-4C4E-9D35-F217F95027B5"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.7.7","matchCriteriaId":"2984C440-3DC2-413A-B5FA-1FAB21078DB8"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"26.0","versionEndExcluding":"26.5","matchCriteriaId":"6CB91417-90A8-4A9B-A1D0-1D94B80EF837"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.5","matchCriteriaId":"176C47FD-FA25-437B-9061-A81CAA367AEF"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.5","matchCriteriaId":"C8F45D80-0DF8-444E-9AF1-703A1075F046"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.5","matchCriteriaId":"057B244F-5485-4108-8E23-FE15F5256EE7"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"28974","Ordinal":"1","Title":"CVE-2026-28974","CVE":"CVE-2026-28974","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"28974","Ordinal":"1","NoteData":"This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service.","Type":"Description","Title":"CVE-2026-28974"}]}}}