VDB

CVE-2026-20678

CVE-2026-20678 PUBLISHED CVSS 5.5 MEDIUM

An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to access sensitive user data.

EPSS 0.02% · 3.0th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.02%
3.0th percentile

Affected Products

VendorProductVersions
appleipados0, 26.0
appleiphone_os0, 26.0
AppleiOS and iPadOS0, 0

Exploit Intelligence

…and 2 more exploits

Timeline

  • Feb 11, 2026 CVE Published
  • Feb 12, 2026 EPSS Score
  • Feb 14, 2026 EPSS Score
  • Feb 16, 2026 EPSS Score
  • Feb 18, 2026 EPSS Score
  • Feb 20, 2026 EPSS Score
  • Feb 22, 2026 EPSS Score
  • Feb 24, 2026 EPSS Score
  • Feb 26, 2026 EPSS Score
  • Feb 28, 2026 EPSS Score
  • Mar 2, 2026 EPSS Score
  • Mar 4, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›