Cyber Posture

CVE-2026-28858

Severity: Critical

Published: 25 March 2026
Modified: 26 March 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0015 (34.9th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

prevent: Implements bounds checking and input validation to directly prevent buffer overflows like CVE-2026-28858 in the kernel.

prevent: Provides memory protection mechanisms that mitigate kernel memory corruption and unauthorized execution from buffer overflow exploits.

prevent: Ensures timely identification, reporting, and patching of flaws such as CVE-2026-28858 to remediate the vulnerability.

Security Summary [AI-generated]

CVE-2026-28858 is a buffer overflow vulnerability (CWE-120) addressed through improved bounds checking in the kernel of iOS and iPadOS. It affects versions of iOS and iPadOS prior to 26.4, where insufficient bounds validation allows memory corruption. The issue was publicly disclosed on March 25, 2026, and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high confidentiality, integrity, and availability impacts.

A remote attacker requires no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation could enable the attacker to cause unexpected system termination, effectively resulting in a denial-of-service condition, or corrupt kernel memory, potentially leading to arbitrary code execution or further privilege escalation within the kernel context.

Apple's security advisory at https://support.apple.com/en-us/126792 confirms the vulnerability was remediated in iOS 26.4 and iPadOS 26.4 via enhanced bounds checking. Security practitioners should prioritize updating affected devices to these versions to mitigate the risk.

Details

CWE(s)

CWE-120

Affected Products

Vendor   Product     Versions
apple    ipados      ≤ 26.4
apple    iphone os   ≤ 26.4

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A remote, unauthenticated kernel buffer overflow allows exploitation of a public-facing system component (T1190), potential kernel code execution or privilege escalation (T1068), and denial of service through unexpected system termination (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References