CVE-2026-28964

High

Published: 11 May 2026

Published

11 May 2026

Modified

12 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0002 5.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-28964 is a high-severity User Interface (UI) Misrepresentation of Critical Information (CWE-451) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 5.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-451

References

https://support.apple.com/en-us/127110
product-security@apple.com
https://support.apple.com/en-us/127120
product-security@apple.com