The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/126792 | Vendor Advisory Release Notes |
| https://support.apple.com/en-us/126798 | Vendor Advisory Release Notes |
| https://support.apple.com/en-us/126799 | Vendor Advisory Release Notes |
Configurations
Configuration 1 (hide)
|
History
26 Mar 2026, 18:31
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| References | () https://support.apple.com/en-us/126792 - Vendor Advisory, Release Notes | |
| References | () https://support.apple.com/en-us/126798 - Vendor Advisory, Release Notes | |
| References | () https://support.apple.com/en-us/126799 - Vendor Advisory, Release Notes | |
| First Time |
Apple watchos
Apple iphone Os Apple visionos Apple ipados Apple |
|
| CPE | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
25 Mar 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-284 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
25 Mar 2026, 01:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-25 01:17
Updated : 2026-03-26 18:31
NVD link : CVE-2026-28856
Mitre link : CVE-2026-28856
CVE.ORG link : CVE-2026-28856
JSON object : View
Products Affected
apple
- ipados
- visionos
- iphone_os
- watchos
CWE
CWE-284
Improper Access Control