The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be able to access sensitive user data.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/126346 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/126347 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/126348 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/126349 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/126350 | Release Notes |
Configurations
Configuration 1 (hide)
|
History
18 Feb 2026, 16:22
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-200 |
12 Feb 2026, 18:40
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Apple macos
Apple Apple iphone Os Apple ipados |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| CPE | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
|
| CWE | NVD-CWE-noinfo | |
| References | () https://support.apple.com/en-us/126346 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/126347 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/126348 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/126349 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/126350 - Release Notes |
11 Feb 2026, 23:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-11 23:16
Updated : 2026-02-18 16:22
NVD link : CVE-2026-20680
Mitre link : CVE-2026-20680
CVE.ORG link : CVE-2026-20680
JSON object : View
Products Affected
apple
- iphone_os
- ipados
- macos
CWE