CVE-2026-20675 — Vulnetix

CVE-2026-20675 PUBLISHED CVSS 5.5 MEDIUM

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.

EPSS 0.01% · 2.8th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Score

0.01%

2.8th percentile

Affected Products

Vendor	Product	Versions
Apple	visionOS	0, unspecified
apple	macos	14.0, 26.0, 26.0
Apple	macOS	, unspecified,
apple	watchos	0, 0
apple	ipados	0, 26.0, 0
apple	iphone_os	26.0, 0, 26.0
Apple	iOS and iPadOS	0, unspecified, unspecified
apple	tvos	0, 0
apple	visionos	0, 0
Apple	watchOS	0, unspecified
Apple	tvOS	0, unspecified

Exploit Intelligence

CIRCL seen: CVE-2026-20675 (circl-sighting)
https://www.zerodayinitiative.com/advisories/ZDI-26-174/ (circl)
https://support.apple.com/en-us/126348 (circl)
https://support.apple.com/en-us/126352 (circl)
https://support.apple.com/en-us/126353 (circl)
https://support.apple.com/en-us/126349 (circl)
https://support.apple.com/en-us/126350 (circl)
https://support.apple.com/en-us/126346 (circl)
https://support.apple.com/en-us/126347 (circl)
https://support.apple.com/en-us/126351 (circl)

…and 42 more exploits

Timeline

Feb 11, 2026 CVE Published
Feb 12, 2026 EPSS Score
Feb 12, 2026 PoC Published
Feb 14, 2026 EPSS Score
Feb 16, 2026 EPSS Score
Feb 18, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 24, 2026 EPSS Score
Feb 26, 2026 EPSS Score
Feb 28, 2026 EPSS Score
Mar 2, 2026 EPSS Score

References

https://support.apple.com/en-us/126350 technical
https://support.apple.com/en-us/126351 technical
https://support.apple.com/en-us/126352 technical
https://support.apple.com/en-us/126353 technical
https://support.apple.com/en-us/126348 url
https://support.apple.com/en-us/126349 url
https://support.apple.com/en-us/126346 url
https://support.apple.com/en-us/126347 url
https://www.zerodayinitiative.com/advisories/ZDI-26-174/ third-party-advisory
https://support.apple.com/en-us/126354 advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-20675 advisory
https://www.zerodayinitiative.com/advisories/ZDI-26-174 url

Open in Interactive Console →