macOS DoS via App FS Mod, fixed in 15.7.7/14.8.7: CVE-2026-28908 May 2026

A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected parts of the file system.

Vulnerability Analysis

CVE-2026-28908 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2026-28908 has been classified to as a Resource Exhaustion vulnerability or weakness.

Products Associated with CVE-2026-28908

stack.watch emails you whenever new vulnerabilities are published in Apple macOS or Apple Macos Sonoma. Just hit a watch button to start following.

macOS DoS via App FS Mod, fixed in 15.7.7/14.8.7
CVE-2026-28908 Published on May 11, 2026

Vulnerability Analysis

Weakness Type

What is a Resource Exhaustion Vulnerability?

Products Associated with CVE-2026-28908

Affected Versions

macOS DoS via App FS Mod, fixed in 15.7.7/14.8.7CVE-2026-28908 Published on May 11, 2026

Vulnerability Analysis

Weakness Type

What is a Resource Exhaustion Vulnerability?

Products Associated with CVE-2026-28908

Affected Versions

macOS DoS via App FS Mod, fixed in 15.7.7/14.8.7
CVE-2026-28908 Published on May 11, 2026