CVE-2026-28929
HIGHDescription
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Replying to an email could display remote images in Mail in Lockdown Mode.
Is your site exposed to CVE-2026-28929?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apple | ipados |
| apple | iphone_os |
| apple | macos |
| apple | macos |
| apple | macos |
References
Frequently Asked Questions
What is CVE-2026-28929? +
How severe is CVE-2026-28929? +
What products are affected by CVE-2026-28929? +
How do I check if I'm vulnerable to CVE-2026-28929? +
Related Vulnerabilities
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may …
This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app …
Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer …
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, …
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS …