CVE-2026-49269

Name: CVE-2026-49269
Creator: NVD / NIST
Published: 2026-06-24T16:16:30.41+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.6/10EPSS 0.30%

Last modified Jun 25, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random 128-bit secret using SecRandomCopyBytes and loads it into GPU registers. GPUAttacker.app, a separate sandboxed app, recovers the exact secret from stale GPU register state. NOTE: The vendor stated that this behavior affects only legacy hardware and has already been addressed at the hardware level in current-generation Apple Silicon.

Metrics

CVSS 3.1

8.6/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Probability

0.30%

21.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

References

https://gist.github.com/scndls/9cbe31f2b0b1578eaeb311e601335355

Timeline

Published: Jun 24, 2026
Last Modified: Jun 25, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-49269?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST