CVE-2026-28950
MEDIUM
iOS/iPadOS <15.8.8/<16.7.16/<17.7.11/<18.7.8/<26.4.2 - Private Data Exposure via Logging
Title source: llm
Description
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the device.
References (10)
Core References
Mailing List: http://seclists.org/fulldisclosure/2026/Apr/14
Mailing List: http://seclists.org/fulldisclosure/2026/Apr/15
Mailing List: http://seclists.org/fulldisclosure/2026/May/10
Mailing List: http://seclists.org/fulldisclosure/2026/May/8
Mailing List: http://seclists.org/fulldisclosure/2026/May/9
Scores
CVSS v3: 6.2
EPSS: 0.0288
EPSS Percentile: 85.0%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-359
Status: published
Products (9)
Apple/iOS and iPadOS: < 15.8.8
Apple/iOS and iPadOS: < 16.7.16
Apple/iOS and iPadOS: < 18.7.8
Apple/iOS and iPadOS: < 26.4.2
Apple/iOS and iPadOS: unspecified - 18.7.8
Apple/iOS and iPadOS: unspecified - 26.4.2
Apple/iPadOS: < 17.7.11
apple/ipados: < 18.7.8
apple/iphone_os: < 18.7.8
Published: Apr 22, 2026
Tracked Since: Apr 23, 2026