CVE-2026-39871
HIGHDescription
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data.
Is your site exposed to CVE-2026-39871?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apple | macos |
| apple | macos |
| apple | macos |
References
Frequently Asked Questions
What is CVE-2026-39871? +
How severe is CVE-2026-39871? +
What products are affected by CVE-2026-39871? +
How do I check if I'm vulnerable to CVE-2026-39871? +
Related Vulnerabilities
Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to …
The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from …
Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file …
A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or …
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow …
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, …