ACCORDING to The Apple macOS Security Update Review, May 2026 saw Apple release 82 unique CVEs across three macOS versions: 79 for macOS Tahoe 26.5, 45 for macOS Sequoia 15.7.7, and 42 for macOS Sonoma 14.8.7.
The analysis notes that Apple does not provide CVSS scores or other severity information, leaving speculation about the most severe bugs, though three stand out as strong candidates: CVE-2026-28819 (Wi-Fi) may allow an app to execute arbitrary code with kernel privileges and affects all three OS versions; CVE-2026-43668 (mDNSResponder) could let a remote attacker cause
unexpected system termination or corrupt kernel memory across the three versions; and CVE-2026-28972 (Kernel) may enable an app to terminate or write kernel memory, with out-of-bounds writes on all three OS versions. A table lists the CVE entries and which versions they affect, reinforcing that the majority of issues span Tahoe, Sequoia and Sonoma, with memory corruption and sandbox-busting capabilities recurring among the vulnerabilities.
The piece closes by indicating it will continue covering macOS updates if readers find the format useful, alongside the regular Patch Tuesday coverage for Adobe and Microsoft.