macOS 26.x — End of Life
Active High risk1 release in this series87 CVEs
macOS 26.x — All releases
| Version | Released | Active support | EOL date | Latest patch | Status |
|---|---|---|---|---|---|
| 26 | Sep 15, 2025 | — | No | 26.5.1 | Active |
CVEs affecting macOS 26.x (87)
| CVE | Severity | CVSS | EPSS | KEV | Cycle | Description | Published |
|---|---|---|---|---|---|---|---|
| CVE-2026-28923 | HIGH | 8.8 | 0.01% | — | 26 | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14… | May 11, 2026 |
| CVE-2026-28978 | HIGH | 8.8 | 0.01% | — | 26 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonom… | May 11, 2026 |
| CVE-2026-28955 | HIGH | 8.8 | 0.03% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,… | May 11, 2026 |
| CVE-2025-43524 | HIGH | 8.8 | 0.01% | — | 26 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS S… | May 12, 2026 |
| CVE-2026-28847 | HIGH | 8.8 | 0.04% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,… | May 11, 2026 |
| CVE-2026-28947 | HIGH | 8.8 | 0.05% | — | 26 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and i… | May 11, 2026 |
| CVE-2026-28940 | HIGH | 8.8 | 0.05% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and… | May 11, 2026 |
| CVE-2026-28995 | HIGH | 8.8 | 0.01% | — | 26 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 an… | May 11, 2026 |
| CVE-2026-28907 | HIGH | 8.1 | 0.15% | — | 26 | The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9… | May 11, 2026 |
| CVE-2026-28915 | HIGH | 7.8 | 0.02% | — | 26 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in m… | May 11, 2026 |
| CVE-2026-28919 | HIGH | 7.8 | 0.01% | — | 26 | A consistency issue was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonom… | May 11, 2026 |
| CVE-2026-28951 | HIGH | 7.8 | 0.01% | — | 26 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9… | May 11, 2026 |
| CVE-2026-28840 | HIGH | 7.8 | 0.01% | — | 26 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonom… | May 11, 2026 |
| CVE-2026-43660 | HIGH | 7.5 | 0.12% | — | 26 | A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, … | May 11, 2026 |
| CVE-2026-28969 | HIGH | 7.5 | 0.05% | — | 26 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.… | May 11, 2026 |
| CVE-2026-39870 | HIGH | 7.5 | 0.04% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7,… | May 11, 2026 |
| CVE-2026-39871 | HIGH | 7.5 | 0.04% | — | 26 | A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.… | May 11, 2026 |
| CVE-2026-43652 | HIGH | 7.5 | 0.04% | — | 26 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be a… | May 11, 2026 |
| CVE-2026-28848 | HIGH | 7.5 | 0.11% | — | 26 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe … | May 11, 2026 |
| CVE-2026-28860 | HIGH | 7.5 | 0.12% | — | 26 | The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 an… | May 11, 2026 |
| CVE-2026-28883 | HIGH | 7.5 | 0.05% | — | 26 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and i… | May 11, 2026 |
| CVE-2026-28904 | HIGH | 7.5 | 0.05% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,… | May 11, 2026 |
| CVE-2026-28905 | HIGH | 7.5 | 0.04% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, mac… | May 11, 2026 |
| CVE-2026-28906 | HIGH | 7.5 | 0.05% | — | 26 | This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.… | May 11, 2026 |
| CVE-2026-28908 | HIGH | 7.5 | 0.05% | — | 26 | A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, ma… | May 11, 2026 |
| CVE-2026-43661 | HIGH | 7.5 | 0.06% | — | 26 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, ma… | May 11, 2026 |
| CVE-2026-28913 | HIGH | 7.5 | 0.04% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, mac… | May 11, 2026 |
| CVE-2026-28944 | HIGH | 7.5 | 0.06% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, mac… | May 11, 2026 |
| CVE-2026-28952 | HIGH | 7.5 | 0.02% | — | 26 | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, m… | May 11, 2026 |
| CVE-2026-28953 | HIGH | 7.5 | 0.05% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,… | May 11, 2026 |
| CVE-2026-28954 | HIGH | 7.5 | 0.04% | — | 26 | A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macO… | May 11, 2026 |
| CVE-2026-43668 | HIGH | 7.5 | 0.16% | — | 26 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.… | May 11, 2026 |
| CVE-2026-28959 | HIGH | 7.5 | 0.08% | — | 26 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS … | May 11, 2026 |
| CVE-2026-43658 | HIGH | 7.5 | 0.05% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, mac… | May 11, 2026 |
| CVE-2026-28962 | HIGH | 7.5 | 0.06% | — | 26 | This issue was addressed with improved access restrictions. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18… | May 11, 2026 |
| CVE-2026-28974 | HIGH | 7.5 | 0.05% | — | 26 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadO… | May 11, 2026 |
| CVE-2026-28976 | HIGH | 7.5 | 0.04% | — | 26 | An information leakage was addressed with additional validation. This issue is fixed in macOS Tahoe 26.5. An app may be … | May 11, 2026 |
| CVE-2026-28983 | HIGH | 7.5 | 0.21% | — | 26 | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5… | May 11, 2026 |
| CVE-2026-28986 | HIGH | 7.5 | 0.06% | — | 26 | A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5… | May 11, 2026 |
| CVE-2026-28987 | HIGH | 7.5 | 0.05% | — | 26 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.… | May 11, 2026 |
| CVE-2026-28990 | HIGH | 7.5 | 0.05% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15… | May 11, 2026 |
| CVE-2026-28991 | HIGH | 7.5 | 0.06% | — | 26 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macO… | May 11, 2026 |
| CVE-2026-28846 | HIGH | 7.5 | 0.18% | — | 26 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS … | May 11, 2026 |
| CVE-2026-43654 | HIGH | 7.5 | 0.05% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and… | May 11, 2026 |
| CVE-2026-28924 | HIGH | 7.5 | 0.04% | — | 26 | A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, ma… | May 11, 2026 |
| CVE-2026-28925 | HIGH | 7.5 | 0.04% | — | 26 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma… | May 11, 2026 |
| CVE-2026-28929 | HIGH | 7.5 | 0.04% | — | 26 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.… | May 11, 2026 |
| CVE-2026-28930 | HIGH | 7.5 | 0.04% | — | 26 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be a… | May 11, 2026 |
| CVE-2026-28936 | HIGH | 7.5 | 0.11% | — | 26 | The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 2… | May 11, 2026 |
| CVE-2026-28943 | HIGH | 7.5 | 0.05% | — | 26 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.… | May 11, 2026 |
| CVE-2026-43655 | HIGH | 7.3 | 0.05% | — | 26 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macO… | May 11, 2026 |
| CVE-2026-43656 | HIGH | 7.3 | 0.07% | — | 26 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS … | May 11, 2026 |
| CVE-2026-28941 | HIGH | 7.1 | 0.04% | — | 26 | The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7,… | May 11, 2026 |
| CVE-2026-28920 | MEDIUM | 6.5 | 0.05% | — | 26 | An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iO… | May 11, 2026 |
| CVE-2026-28922 | MEDIUM | 6.5 | 0.03% | — | 26 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14… | May 11, 2026 |
| CVE-2026-28902 | MEDIUM | 6.5 | 0.04% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, mac… | May 11, 2026 |
| CVE-2026-28956 | MEDIUM | 6.5 | 0.04% | — | 26 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5,… | May 11, 2026 |
| CVE-2026-28942 | MEDIUM | 6.5 | 0.01% | — | 26 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and i… | May 11, 2026 |
| CVE-2026-28946 | MEDIUM | 6.5 | 0.04% | — | 26 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26… | May 11, 2026 |
| CVE-2026-28918 | MEDIUM | 6.5 | 0.05% | — | 26 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26… | May 11, 2026 |
| CVE-2026-28903 | MEDIUM | 6.5 | 0.04% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,… | May 11, 2026 |
| CVE-2026-28972 | MEDIUM | 6.5 | 0.06% | — | 26 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS … | May 11, 2026 |
| CVE-2026-28897 | MEDIUM | 6.2 | 0.01% | — | 26 | A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS… | May 11, 2026 |
| CVE-2026-43653 | MEDIUM | 6.2 | 0.01% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and… | May 11, 2026 |
| CVE-2026-28977 | MEDIUM | 6.2 | 0.01% | — | 26 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and i… | May 11, 2026 |
| CVE-2026-43666 | MEDIUM | 6.2 | 0.01% | — | 26 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 1… | May 11, 2026 |
| CVE-2026-28985 | MEDIUM | 6.2 | 0.01% | — | 26 | A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5… | May 11, 2026 |
| CVE-2025-46307 | MEDIUM | 5.5 | 0.01% | — | 26 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to acc… | May 26, 2026 |
| CVE-2026-28914 | MEDIUM | 5.5 | 0.02% | — | 26 | A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted … | May 11, 2026 |
| CVE-2026-28958 | MEDIUM | 5.5 | 0.01% | — | 26 | This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, ma… | May 11, 2026 |
| CVE-2026-28988 | MEDIUM | 5.5 | 0.01% | — | 26 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS T… | May 11, 2026 |
| CVE-2026-28993 | MEDIUM | 5.5 | 0.01% | — | 26 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 1… | May 11, 2026 |
| CVE-2026-28996 | MEDIUM | 5.5 | 0.01% | — | 26 | A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoi… | May 11, 2026 |
| CVE-2025-43451 | MEDIUM | 5.5 | 0.01% | — | 26 | A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be … | May 26, 2026 |
| CVE-2025-46280 | MEDIUM | 5.5 | 0.01% | — | 26 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be … | May 26, 2026 |
| CVE-2026-20696 | MEDIUM | 5.5 | 0.01% | — | 26 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may… | May 11, 2026 |
| CVE-2026-28819 | MEDIUM | 5.4 | 0.05% | — | 26 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 1… | May 11, 2026 |
| CVE-2026-28994 | MEDIUM | 5.3 | 0.03% | — | 26 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.… | May 11, 2026 |
| CVE-2026-28830 | MEDIUM | 4.7 | 0.01% | — | 26 | A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able t… | May 11, 2026 |
| CVE-2026-28992 | MEDIUM | 4.7 | 0.01% | — | 26 | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7… | May 11, 2026 |
| CVE-2026-43659 | MEDIUM | 4.7 | 0.01% | — | 26 | A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5… | May 11, 2026 |
| CVE-2026-28961 | MEDIUM | 4.6 | 0.02% | — | 26 | This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access… | May 11, 2026 |
| CVE-2026-28901 | MEDIUM | 4.3 | 0.04% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, mac… | May 11, 2026 |
| CVE-2026-28917 | MEDIUM | 4.3 | 0.17% | — | 26 | The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9… | May 11, 2026 |
| CVE-2026-28971 | MEDIUM | 4.3 | 0.03% | — | 26 | The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS T… | May 11, 2026 |
| CVE-2026-39869 | MEDIUM | 4.3 | 0.04% | — | 26 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and… | May 11, 2026 |
| CVE-2026-28910 | LOW | 3.3 | 0.01% | — | 26 | This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app ma… | May 11, 2026 |
Frequently asked questions
Is macOS 26 end of life?
No. macOS 26.x is still supported. It continues to receive security patches and bug fixes.
What CVEs affect macOS 26?
There are 87 CVEs tracked for macOS 26.x. See the full list above with CVSS and EPSS scores.
What is the latest macOS 26 version?
The latest macOS 26.x patch release is 26.5.1, released on June 1, 2026. Always run the latest patch to benefit from all security fixes.
When was macOS 26 first released?
macOS 26.0 was initially released on September 15, 2025. See the full version timeline in the table above.
Is it safe to run macOS 26 in production?
macOS 26 is still supported and safe for production use. Ensure you are running the latest patch version (26.5.1) to have all security fixes applied.
Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA