CVE-2026-28950

MEDIUM

Apple Ios And iPadOS < 18.7.8 - Denial of Service

Title source: rule

Description

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.

References (4)

[Mailing List] http://seclists.org/fulldisclosure/2026/Apr/14

[Mailing List] http://seclists.org/fulldisclosure/2026/Apr/15

https://support.apple.com/en-us/127003

https://support.apple.com/en-us/127002

Scores

CVSS v3 6.2

EPSS 0.0001

EPSS Percentile 3.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-359

Status published

Products (4)

Apple/iOS and iPadOS unspecified - 18.7.8

Apple/iOS and iPadOS unspecified - 26.4.2

apple/ipados < 18.7.8

apple/iphone_os < 18.7.8

Published Apr 22, 2026

Tracked Since Apr 23, 2026