A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to gain root privileges.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/126348 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/126349 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/126350 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Feb 2026, 19:43
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
13 Feb 2026, 20:22
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | |
| CWE | CWE-22 | |
| First Time |
Apple macos
Apple |
|
| References | () https://support.apple.com/en-us/126348 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/126349 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/126350 - Release Notes, Vendor Advisory |
11 Feb 2026, 23:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-11 23:16
Updated : 2026-02-25 19:43
NVD link : CVE-2026-20614
Mitre link : CVE-2026-20614
CVE.ORG link : CVE-2026-20614
JSON object : View
Products Affected
apple
- macos
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')