A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to gain root privileges.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/126346 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/126348 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/126350 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/126353 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Feb 2026, 21:43
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | CWE-22 | |
| First Time |
Apple iphone Os
Apple visionos Apple ipados Apple Apple macos |
|
| References | () https://support.apple.com/en-us/126346 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/126348 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/126350 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/126353 - Release Notes, Vendor Advisory |
11 Feb 2026, 23:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-11 23:16
Updated : 2026-02-13 21:43
NVD link : CVE-2026-20615
Mitre link : CVE-2026-20615
CVE.ORG link : CVE-2026-20615
JSON object : View
Products Affected
apple
- iphone_os
- ipados
- visionos
- macos
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
