CVE-2026-20606

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to bypass certain Privacy preferences.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/126346	Release Notes Vendor Advisory
https://support.apple.com/en-us/126347	Release Notes Vendor Advisory
https://support.apple.com/en-us/126348	Release Notes Vendor Advisory
https://support.apple.com/en-us/126349	Release Notes Vendor Advisory
https://support.apple.com/en-us/126350	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

History

No history.

Information

Published : 2026-02-11 23:16

Updated : 2026-02-13 15:46

NVD link : CVE-2026-20606

Mitre link : CVE-2026-20606

CVE.ORG link : CVE-2026-20606

JSON object : View

Products Affected

apple

macos
ipados
iphone_os

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2026-20606", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2026-02-11T23:16:04.310", "references": [{"url": "https://support.apple.com/en-us/126346", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/126347", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/126348", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/126349", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/126350", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to bypass certain Privacy preferences."}, {"lang": "es", "value": "Este problema se abord\u00f3 al eliminar el c\u00f3digo vulnerable. Este problema est\u00e1 solucionado en macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 y iPadOS 18.7.5, iOS 26.3 y iPadOS 26.3. Una aplicaci\u00f3n podr\u00eda eludir ciertas preferencias de Privacidad."}], "lastModified": "2026-02-13T15:46:40.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DF4C0EE-C67C-4BA1-BB50-C51DEC72E486", "versionEndExcluding": "18.7.5"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00E2601B-7453-4C8B-A307-EF7BC5BF2E84", "versionEndExcluding": "26.3", "versionStartIncluding": "26.0"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "273784FD-F8F0-466D-AF6E-5511FF3781B7", "versionEndExcluding": "18.7.5"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "951073F9-924E-4D9C-8DA1-64E284326CC5", "versionEndExcluding": "26.3", "versionStartIncluding": "26.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E899D2A7-973C-4A46-B479-C245E5DFABE9", "versionEndExcluding": "14.8.4", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F7A1AF-3DD7-4FA1-BF78-4855F83BB463", "versionEndExcluding": "15.7.4", "versionStartIncluding": "15.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0488A377-7971-4703-8823-05BF1E23CF48", "versionEndExcluding": "26.3", "versionStartIncluding": "26.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}