CVE-2026-20601 – This CVE describes a permissions vulnerability ... (How to Fix)

Q: What is the severity of CVE-2026-20601?

CVE-2026-20601 has a CVSS score of 3.3 (LOW). This CVE describes a permissions vulnerability in macOS that allows applications to monitor keystrokes without proper user authorization. It affects macOS systems running versions prior to Tahoe 26.3. The vulnerability enables potential keylogging and privacy violations.

📋 TL;DR

This CVE describes a permissions vulnerability in macOS that allows applications to monitor keystrokes without proper user authorization. It affects macOS systems running versions prior to Tahoe 26.3. The vulnerability enables potential keylogging and privacy violations.

💻 Affected Systems

Products:

macOS

Versions: Versions prior to macOS Tahoe 26.3

Operating Systems: macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default macOS installations running affected versions are vulnerable. The vulnerability requires an application to be installed and executed.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious applications could capture sensitive information including passwords, financial data, and confidential communications without user knowledge or consent.

🟠

Likely Case

Malware or compromised applications could perform keylogging to steal credentials and sensitive user data.

🟢

If Mitigated

With proper application vetting and security controls, the risk is limited to unauthorized applications attempting to bypass permission prompts.

🌐 Internet-Facing: LOW - This vulnerability requires local application execution, not direct internet exposure.

🏢 Internal Only: MEDIUM - Risk exists primarily from malicious or compromised applications running locally on affected systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires a malicious application to be installed and executed on the target system. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Tahoe 26.3

Vendor Advisory: https://support.apple.com/en-us/126348

Restart Required: No

Instructions:

1. Open System Settings 2. Click General 3. Click Software Update 4. Install macOS Tahoe 26.3 update 5. Follow on-screen instructions to complete installation

🔧 Temporary Workarounds

Application Permissions Review

macOS

Review and restrict application permissions for keyboard/mouse access in System Settings

open 'x-apple.systempreferences:com.apple.preference.security?Privacy_Accessibility'
open 'x-apple.systempreferences:com.apple.preference.security?Privacy_InputMonitoring'

🧯 If You Can't Patch

Restrict installation of untrusted applications through MDM or parental controls
Regularly review and audit application permissions in System Settings > Privacy & Security

🔍 How to Verify

Check if Vulnerable:

Check macOS version in System Settings > General > About. If version is earlier than Tahoe 26.3, system is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version shows 'Tahoe 26.3' or later in System Settings > General > About.

📡 Detection & Monitoring

Log Indicators:

Unusual application requests for accessibility or input monitoring permissions
Applications accessing keyboard events without proper authorization

Network Indicators:

Unusual outbound data transfers following keyboard input patterns

SIEM Query:

process:accessibility OR process:input_monitoring AND event:permission_request AND NOT user:approved

📊 Metadata

CVE ID: CVE-2026-20601

CVSS v3 Score: 3.3 (LOW)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-284

EPSS Score: 0.01% exploit probability (0.9th percentile)

Published: February 11, 2026

Last Updated: March 4, 2026

🔗 References

https://support.apple.com/en-us/126348 Release Notes,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-20601, you might also want to check these: