Description
CVE-2026-28827 is a parsing issue in the handling of directory paths within macOS's NetFSFramework. According to Apple's advisory, the flaw could allow an app to break out of its sandbox. It was jointly credited to Csaba Fitzl (@theevilbit) of Iru and an anonymous researcher.
Impact
Exploitation of this vulnerability could allow a sandboxed app to escape its sandbox by exploiting improper path validation in NetFSFramework. Apple addressed the issue with improved path validation in macOS Tahoe 26.4.
CVE-2026-20622
A privacy issue in macOS's Shortcuts app could let malicious apps capture screen content. Apple has addressed this vulnerability in version 26.3.
Learn MoreCVE-2025-14847
MongoDB Server vulnerability CVE-2025-14847, dubbed MongoBleed, allows unauthenticated remote attackers to leak sensitive data.
Learn MoreCVE-2024-44253
CVE-2024-44253 is a permissions issue within Apple's PackageKit framework that could allow an application to modify protected parts of the file system.
Learn More