macOS 26.x < 26.4 Multiple Vulnerabilities (126794)

high Nessus Plugin ID 303481

Synopsis

The remote host is missing a macOS update that fixes multiple vulnerabilities.

Description

The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.4. It is, therefore, affected by multiple vulnerabilities:

- Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd=... directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue. (CVE-2025-58098)

- When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. (CVE-2025-14524)

- An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue. (CVE-2025-55753)

- Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows NTLM hashes to potentially be leaked to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes the issue. (CVE-2025-59775)

- LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51. (CVE-2025-64505)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 26.4 or later.

See Also

https://support.apple.com/en-us/126794

Plugin Details

Severity: High

ID: 303481

File Name: macos_126794.nasl

Version: 1.1

Type: local

Agent: macosx

Published: 3/24/2026

Updated: 3/24/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 8.7

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:P

CVSS Score Source: CVE-2025-58098

CVSS v3

Risk Factor: High

Base Score: 8.3

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:26.0, cpe:/o:apple:macos:26.0

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/24/2026

Vulnerability Publication Date: 11/11/2025

Reference Information

CVE: CVE-2025-14524, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-64505, CVE-2025-65082, CVE-2025-66200, CVE-2026-20607, CVE-2026-20631, CVE-2026-20632, CVE-2026-20633, CVE-2026-20643, CVE-2026-20664, CVE-2026-20665, CVE-2026-20684, CVE-2026-20687, CVE-2026-20688, CVE-2026-20690, CVE-2026-20691, CVE-2026-20692, CVE-2026-20693, CVE-2026-20694, CVE-2026-20695, CVE-2026-20697, CVE-2026-20698, CVE-2026-20699, CVE-2026-20701, CVE-2026-28816, CVE-2026-28817, CVE-2026-28818, CVE-2026-28820, CVE-2026-28821, CVE-2026-28822, CVE-2026-28823, CVE-2026-28824, CVE-2026-28825, CVE-2026-28826, CVE-2026-28827, CVE-2026-28828, CVE-2026-28829, CVE-2026-28831, CVE-2026-28832, CVE-2026-28833, CVE-2026-28834, CVE-2026-28835, CVE-2026-28837, CVE-2026-28838, CVE-2026-28839, CVE-2026-28841, CVE-2026-28842, CVE-2026-28844, CVE-2026-28845, CVE-2026-28852, CVE-2026-28857, CVE-2026-28859, CVE-2026-28861, CVE-2026-28862, CVE-2026-28864, CVE-2026-28865, CVE-2026-28866, CVE-2026-28867, CVE-2026-28868, CVE-2026-28870, CVE-2026-28871, CVE-2026-28876, CVE-2026-28877, CVE-2026-28878, CVE-2026-28879, CVE-2026-28880, CVE-2026-28881, CVE-2026-28882, CVE-2026-28886, CVE-2026-28888, CVE-2026-28891, CVE-2026-28892, CVE-2026-28893, CVE-2026-28894

APPLE-SA: 126794