{"uuid": "43ea14c5-971c-4e1b-a785-7436e620bd49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "security content of macOS Tahoe 26.5", "description": "# About the security content of macOS Tahoe 26.5 - Apple Support\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security releases](https://support.apple.com/en-us/100100) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](https://www.cve.org/About/Overview) when possible.\n\nFor more information about security, see the [Apple Product Security](https://support.apple.com/en-us/102549) page.\n\nReleased May 11, 2026\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to cause a denial-of-service\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2026-28991: Seiji Sakurai (@HeapSmasher)\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to bypass certain Privacy preferences\n\nDescription: A permissions issue was addressed with additional restrictions.\n\nCVE-2026-28988: Asaf Cohen\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to cause unexpected system termination\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2026-28959: Dave G.\n\nAvailable for: macOS Tahoe\n\nImpact: A malicious app may be able to break out of its sandbox\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2026-28995: Vamshi Paili, Tony Gorez (@tonygo\\_) for Reverse Society\n\nAvailable for: macOS Tahoe\n\nImpact: Processing a maliciously crafted image may lead to a denial-of-service\n\nDescription: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at [cve.org](https://www.cve.org/).\n\nCVE-2026-1837\n\nAvailable for: macOS Tahoe\n\nImpact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2026-28956: impost0r (ret2plt)\n\nAvailable for: macOS Tahoe\n\nImpact: Processing an audio stream in a maliciously crafted media file may terminate the process\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2026-39869: David Ige of Beryllium Security\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to access private information\n\nDescription: This issue was addressed through improved state management.\n\nCVE-2026-28922: Arni Hardarson\n\nAvailable for: macOS Tahoe\n\nImpact: Processing a maliciously crafted file may lead to unexpected app termination\n\nDescription: The issue was addressed with improved checks.\n\nCVE-2026-28936: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs\n\nAvailable for: macOS Tahoe\n\nImpact: Parsing a maliciously crafted file may lead to an unexpected app termination\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2026-28918: Niels Hofmans, Anonymous working with TrendAI Zero Day Initiative\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to gain root privileges\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2026-28915: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to access sensitive user data\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2026-43659: Alex Radocea\n\nAvailable for: macOS Tahoe\n\nImpact: A malicious app may be able to break out of its sandbox\n\nDescription: A logging issue was addressed with improved data redaction.\n\nCVE-2026-28923: Kun Peeks (@SwayZGl1tZyyy)\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2026-28925: Aswin Kumar Gokula Kannan, Dave G.\n\nAvailable for: macOS Tahoe\n\nImpact: Processing a maliciously crafted image may corrupt process memory\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2026-43661: an anonymous researcher\n\nAvailable for: macOS Tahoe\n\nImpact: Processing a maliciously crafted file may lead to unexpected app termination\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2026-28977: Suresh Sundaram\n\nAvailable for: macOS Tahoe\n\nImpact: Processing a maliciously crafted image may corrupt process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2026-28990: Jiri Ha, Arni Hardarson\n\nAvailable for: macOS Tahoe\n\nImpact: A malicious app may be able to break out of its sandbox\n\nDescription: A permissions issue was addressed with additional restrictions.\n\nCVE-2026-28978: wdszzml and Atuin Automated Vulnerability Discovery Engine\n\nAvailable for: macOS Tahoe\n\nImpact: An attacker may be able to cause unexpected app termination\n\nDescription: A memory corruption vulnerability was addressed with improved locking.\n\nCVE-2026-28992: Johnny Franks (@zeroxjf)\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to determine kernel memory layout\n\nDescription: A logging issue was addressed with improved data redaction.\n\nCVE-2026-28943: Google Threat Analysis Group\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to cause unexpected system termination\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2026-28969: Mihalis Haatainen, Ari Hawking, Ashish Kunwar\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2026-43655: Somair Ansar and an anonymous researcher\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2026-43654: Vaagn Vardanian, Nathaniel Oh (@calysteon)\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: A denial of service issue was addressed by removing the vulnerable code.\n\nCVE-2026-28908: beist\n\nAvailable for: macOS Tahoe\n\nImpact: A maliciously crafted disk image may bypass Gatekeeper checks\n\nDescription: A file quarantine bypass was addressed with additional checks.\n\nCVE-2026-28954: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nAvailable for: macOS Tahoe\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: A buffer overflow was addressed with improved input validation.\n\nCVE-2026-28897: popku1337, Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Robert Tran, Aswin kumar Gokulakannan\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to cause unexpected system termination\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2026-28952: Calif.io in collaboration with Claude and Anthropic Research\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2026-28951: Csaba Fitzl (@theevilbit) of Iru\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2026-28972: Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Ryan Hileman via Xint Code (xint.io)\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to cause unexpected system termination\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2026-28986: Chris Betz, Tristan Madani (@TristanInSec) from Talence Security, Ryan Hileman via Xint Code (xint.io)\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to leak sensitive kernel state\n\nDescription: A logging issue was addressed with improved data redaction.\n\nCVE-2026-28987: Dhiyanesh Selvaraj (@redroot97)\n\nAvailable for: macOS Tahoe\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A type confusion issue was addressed with improved checks.\n\nCVE-2026-28983: Ruslan Dautov\n\nAvailable for: macOS Tahoe\n\nImpact: Replying to an email could display remote images in Mail in Lockdown Mode\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2026-28929: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nAvailable for: macOS Tahoe\n\nImpact: An attacker on the local network may be able to cause a denial-of-service\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2026-43653: Atul R V\n\nAvailable for: macOS Tahoe\n\nImpact: An attacker on the local network may be able to cause a denial-of-service\n\nDescription: A null pointer dereference was addressed with improved input validation.\n\nCVE-2026-28985: Omar Cerrito\n\nAvailable for: macOS Tahoe\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2026-43668: Anton Pakhunov, Ricardo Prado\n\nAvailable for: macOS Tahoe\n\nImpact: An attacker on the local network may be able to cause a denial-of-service\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2026-43666: Ian van der Wurff (ian.nl)\n\nAvailable for: macOS Tahoe\n\nImpact: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents\n\nDescription: The issue was addressed with improved checks.\n\nCVE-2026-28941: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative\n\nAvailable for: macOS Tahoe\n\nImpact: Processing a maliciously crafted image may corrupt process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2026-28940: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative\n\nAvailable for: macOS Tahoe\n\nImpact: An attacker with physical access to a locked device may be able to view sensitive user information\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2026-28961: Dan Raviv\n\nAvailable for: macOS Tahoe\n\nImpact: An attacker may be able to track users through their IP address\n\nDescription: This issue was addressed through improved state management.\n\nCVE-2026-28906: Ilya Sc. Jowell A.\n\nAvailable for: macOS Tahoe\n\nImpact: Parsing a maliciously crafted file may lead to an unexpected app termination\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2026-43656: Peter Malone\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to access protected user data\n\nDescription: A permissions issue was addressed with additional restrictions.\n\nCVE-2026-43652: Asaf Cohen\n\nAvailable for: macOS Tahoe\n\nImpact: Processing a maliciously crafted image may corrupt process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2026-39870: Peter Malone\n\nAvailable for: macOS Tahoe\n\nImpact: A remote attacker may be able to cause unexpected app termination\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2026-28846: Peter Malone\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: This issue was addressed by adding an additional prompt for user consent.\n\nCVE-2026-28993: Doron Assness\n\nAvailable for: macOS Tahoe\n\nImpact: A remote attacker may be able to cause unexpected system termination\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2026-28848: Peter Malone, Dave G. and Alex Radocea of Supernetworks\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to access protected user data\n\nDescription: A permissions issue was addressed with additional restrictions.\n\nCVE-2026-28930: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks to prevent unauthorized actions.\n\nCVE-2026-28974: Andy Koo (@andykoo) of Hexens\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to access sensitive user data\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2026-28996: Alex Radocea\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to gain root privileges\n\nDescription: A consistency issue was addressed with improved state handling.\n\nCVE-2026-28919: Amy (amys.website)\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to access Contacts without user consent\n\nDescription: A race condition was addressed with improved handling of symbolic links.\n\nCVE-2026-28924: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs, YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to observe unprotected user data\n\nDescription: A path handling issue was addressed with improved logic.\n\nCVE-2026-39871: an anonymous researcher\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to gain root privileges\n\nDescription: An information leakage was addressed with additional validation.\n\nCVE-2026-28976: David Ige - Beryllium Security\n\nAvailable for: macOS Tahoe\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: A validation issue was addressed with improved logic.\n\nWebKit Bugzilla: 308906\n\nCVE-2026-43660: Cantina\n\nAvailable for: macOS Tahoe\n\nImpact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced\n\nDescription: The issue was addressed with improved input validation.\n\nWebKit Bugzilla: 308675\n\nCVE-2026-28907: Cantina\n\nAvailable for: macOS Tahoe\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: This issue was addressed with improved access restrictions.\n\nWebKit Bugzilla: 309698\n\nCVE-2026-28962: Luke Francis, Vaagn Vardanian, kwak kiyong / kakaogames, Vitaly Simonovich, Adel Bouachraoui, greenbynox\n\nAvailable for: macOS Tahoe\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: The issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 307669\n\nCVE-2026-43658: Do Young Park\n\nAvailable for: macOS Tahoe\n\nImpact: Processing maliciously crafted web content may lead to an unexpected process crash\n\nDescription: The issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 308545\n\nCVE-2026-28905: Yuhao Hu, Yuanming Lai, Chenggang Wu, and Zhe Wang\n\nWebKit Bugzilla: 308707\n\nCVE-2026-28847: DARKNAVY (@DarkNavyOrg), Anonymous working with TrendAI Zero Day Initiative, Daniel Rhea\n\nWebKit Bugzilla: 309601\n\nCVE-2026-28904: Luka Ra\u010dki\n\nWebKit Bugzilla: 310880\n\nCVE-2026-28955: wac and Kookhwan Lee working with TrendAI Zero Day Initiative\n\nWebKit Bugzilla: 310303\n\nCVE-2026-28903: Mateusz Krzywicki (iVerify.io)\n\nWebKit Bugzilla: 309628\n\nCVE-2026-28953: Maher Azzouzi\n\nWebKit Bugzilla: 309861\n\nCVE-2026-28902: Tristan Madani (@TristanInSec) from Talence Security, Nathaniel Oh (@calysteon)\n\nWebKit Bugzilla: 310207\n\nCVE-2026-28901: Aisle offensive security research team (Joshua Rogers, Luigino Camastra, Igor Morgenstern, and Guido Vranken), Maher Azzouzi, Ngan Nguyen of Calif.io\n\nWebKit Bugzilla: 311631\n\nCVE-2026-28913: an anonymous researcher\n\nAvailable for: macOS Tahoe\n\nImpact: Processing maliciously crafted web content may lead to an unexpected process crash\n\nDescription: A use-after-free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 313939\n\nCVE-2026-28883: kwak kiyong / kakaogames\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to access sensitive user data\n\nDescription: This issue was addressed with improved data protection.\n\nWebKit Bugzilla: 311228\n\nCVE-2026-28958: Cantina\n\nAvailable for: macOS Tahoe\n\nImpact: Processing maliciously crafted web content may lead to an unexpected process crash\n\nDescription: The issue was addressed with improved input validation.\n\nWebKit Bugzilla: 310527\n\nCVE-2026-28917: Vitaly Simonovich\n\nAvailable for: macOS Tahoe\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A use-after-free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 310234\n\nCVE-2026-28947: dr3dd\n\nWebKit Bugzilla: 310544\n\nCVE-2026-28946: Gia Bui (@yabeow) from Calif.io, dr3dd, w0wbox\n\nWebKit Bugzilla: 312180\n\nCVE-2026-28942: Milad Nasr and Nicholas Carlini with Claude, Anthropic\n\nAvailable for: macOS Tahoe\n\nImpact: A malicious iframe may use another website\u2019s download settings\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 311288\n\nCVE-2026-28971: Khiem Tran\n\nAvailable for: macOS Tahoe\n\nImpact: Processing maliciously crafted web content may lead to an unexpected process crash\n\nDescription: The issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 311131\n\nCVE-2026-28944: Kenneth Hsu of Palo Alto Networks, J\u00e9r\u00f4me DJOUDER, dr3dd\n\nAvailable for: macOS Tahoe\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2026-28819: Wang Yu\n\nAvailable for: macOS Tahoe\n\nImpact: An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2026-28994: Alex Radocea\n\nAvailable for: macOS Tahoe\n\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper checks\n\nDescription: A logic issue was addressed with improved file handling.\n\nCVE-2026-28914: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs (nosebeard.co)\n\nAvailable for: macOS Tahoe\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: An information leakage was addressed with additional validation.\n\nCVE-2026-28920: Brendon Tiszka of Google Project Zero\n\nWe would like to acknowledge Mikael Kinnman for their assistance.\n\nWe would like to acknowledge Asaf Cohen, Johan Wahyudi for their assistance.\n\nWe would like to acknowledge Iv\u00e1n Savransky, Kun Peeks (@SwayZGl1tZyyy), YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab for their assistance.\n\nWe would like to acknowledge Brian Carpenter for their assistance.\n\nWe would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance.\n\nWe would like to acknowledge Jordan Pittman for their assistance.\n\nWe would like to acknowledge Mustafa Calap \u200b for their assistance.\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nWe would like to acknowledge Ryan Hileman via Xint Code (xint.io), an anonymous researcher for their assistance.\n\nWe would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance.\n\nWe would like to acknowledge Chris Staite and David Hardy of Menlo Security Inc for their assistance.\n\nWe would like to acknowledge Ilias Morad (@A2nkF\\_) for their assistance.\n\nWe would like to acknowledge Kun Peeks (@SwayZGl1tZyyy) for their assistance.\n\nWe would like to acknowledge Jason Grove for their assistance.\n\nWe would like to acknowledge Jeffery Kimbrow for their assistance.\n\nWe would like to acknowledge Asilbek Salimov for their assistance.\n\nWe would like to acknowledge Anand Patil for their assistance.\n\nWe would like to acknowledge Christopher Mathews for their assistance.\n\nWe would like to acknowledge Cem Onat Karagun, Surya Kushwaha for their assistance.\n\nWe would like to acknowledge sean mutuku for their assistance.\n\nWe would like to acknowledge Robert Mindo for their assistance.\n\nWe would like to acknowledge Yoav Magid for their assistance.\n\nWe would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance.\n\nWe would like to acknowledge Muhammad Zaid Ghifari (Mr.ZheeV), Kalimantan Utara, Qadhafy Muhammad Tera, Vitaly Simonovich for their assistance.\n\nWe would like to acknowledge Hyeonji Son (@jir4vv1t) of Demon Team for their assistance.\n\nWe would like to acknowledge Kun Peeks (@SwayZGl1tZyyy) for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](https://support.apple.com/103190) for additional information.\n\nPublished Date:\u00a0May 11, 2026", "creation_timestamp": "2026-05-26T05:49:18.539732+00:00", "timestamp": "2026-05-26T05:49:18.539732+00:00", "related_vulnerabilities": ["CVE-2026-28974", "CVE-2026-28995", "CVE-2026-28985", "CVE-2026-28993", "CVE-2026-28942", "CVE-2026-28902", "CVE-2026-28978", "CVE-2026-28986", "CVE-2026-28947", "CVE-2026-28847", "CVE-2026-28944", "CVE-2026-28992", "CVE-2026-28953", "CVE-2026-28987", "CVE-2026-43660", "CVE-2026-28905", "CVE-2026-28925", "CVE-2026-39871", "CVE-2026-28954", "CVE-2026-28988", "CVE-2026-39869", "CVE-2026-43661", "CVE-2026-28819", "CVE-2026-28919", "CVE-2026-28952", "CVE-2026-28907", "CVE-2026-43655", "CVE-2026-28994", "CVE-2026-28940", "CVE-2026-28846", "CVE-2026-28990", "CVE-2026-28901", "CVE-2026-28962", "CVE-2026-28969", "CVE-2026-28956", "CVE-2026-28959", "CVE-2026-28977", "CVE-2026-39870", "CVE-2026-28913", "CVE-2026-28906", "CVE-2026-28996", "CVE-2026-28971", "CVE-2026-1837", "CVE-2026-43666", "CVE-2026-28941", "CVE-2026-28914", "CVE-2026-43653", "CVE-2026-28903", "CVE-2026-43652", "CVE-2026-28920", "CVE-2026-28976", "CVE-2026-28991", "CVE-2026-43659", "CVE-2026-43658", "CVE-2026-43654", "CVE-2026-28897", "CVE-2026-28915", "CVE-2026-28924", "CVE-2026-28848", "CVE-2026-28972", "CVE-2026-28936", "CVE-2026-28929", "CVE-2026-28917", "CVE-2026-28951", "CVE-2026-43656", "CVE-2026-28918", "CVE-2026-28943", "CVE-2026-28946", "CVE-2026-28923", "CVE-2026-43668", "CVE-2026-28883", "CVE-2026-28904", "CVE-2026-28958", "CVE-2026-28922", "CVE-2026-28983", "CVE-2026-28955", "CVE-2026-28961", "CVE-2026-28908", "CVE-2026-28930"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}