CVE-2026-20653 — Vulnetix

CVE-2026-20653 PUBLISHED CVSS 5.5 MEDIUM

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

EPSS 0.02% · 3.3th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Score

0.02%

3.3th percentile

Affected Products

Vendor	Product	Versions
Apple	iOS and iPadOS	0, 0
apple	visionos	0
Apple	macOS	0, 0, 0
apple	macos	15.0, 26.0, 0
apple	ipados	26.0, 0
Apple	visionOS	0
apple	iphone_os	0, 26.0

Exploit Intelligence

https://support.apple.com/en-us/126346 (circl)
https://support.apple.com/en-us/126347 (circl)
https://support.apple.com/en-us/126348 (circl)
https://support.apple.com/en-us/126349 (circl)
https://support.apple.com/en-us/126350 (circl)
https://support.apple.com/en-us/126353 (circl)
macos_v2_generated.go (github-poc)
macos_v2_generated.go (github-poc)
macos_v2_generated.go (github-poc)
macos_v2_generated.go (github-poc)

…and 26 more exploits

Timeline

Feb 11, 2026 CVE Published
Feb 12, 2026 EPSS Score
Feb 14, 2026 EPSS Score
Feb 16, 2026 EPSS Score
Feb 18, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 24, 2026 EPSS Score
Feb 26, 2026 EPSS Score
Feb 28, 2026 EPSS Score
Mar 2, 2026 EPSS Score
Mar 4, 2026 EPSS Score

References

https://support.apple.com/en-us/126346 advisory
https://support.apple.com/en-us/126353 advisory
https://support.apple.com/en-us/126347 advisory
https://support.apple.com/en-us/126352 advisory
https://support.apple.com/en-us/126348 advisory
https://support.apple.com/en-us/126349 advisory
https://support.apple.com/en-us/126351 advisory
https://support.apple.com/en-us/126350 advisory
https://support.apple.com/en-us/126354 advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-20653 advisory

Open in Interactive Console →