VDB

CVE-2026-20688

CVE-2026-20688 PUBLISHED CVSS 9.300000190734863 CRITICAL

A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox.

EPSS 0.01% · 1.1th percentile

Risk Scores

CVSS 3.1
9.300000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.01%
1.1th percentile

Affected Products

VendorProductVersions
ApplemacOS0, 0, 0
appleipados0
appleiphone_os0
applemacos14.0, 26.0, 15.0
ApplevisionOS0
applevisionos0
AppleiOS and iPadOS0

Timeline

  • Mar 25, 2026 CVE Published
  • Mar 25, 2026 EPSS Score
  • Mar 25, 2026 Coalition ESS Score
  • Mar 25, 2026 PoC Published
  • Mar 26, 2026 PoC Published
  • Mar 26, 2026 PoC Published
  • Mar 29, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›