CVE-2026-28950

CVSS 6.2 MEDIUMEPSS 2.9%CWE-359

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the device.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Apple · iOS and iPadOS Apple · iPadOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2026/Apr/14 http://seclists.org/fulldisclosure/2026/Apr/15 http://seclists.org/fulldisclosure/2026/May/10 http://seclists.org/fulldisclosure/2026/May/8 http://seclists.org/fulldisclosure/2026/May/9 https://support.apple.com/en-us/127002 https://support.apple.com/en-us/127003 https://support.apple.com/en-us/127112 https://support.apple.com/en-us/127113 https://support.apple.com/en-us/127114