CVE-2026-20625

5.5 MEDIUM

📋 TL;DR

A path validation vulnerability in macOS and visionOS allows applications to bypass directory restrictions and access sensitive user data. This affects users running vulnerable versions of macOS Sequoia, Tahoe, Sonoma, and visionOS. The issue stems from improper parsing of directory paths.

💻 Affected Systems

Products:
  • macOS
  • visionOS
Versions: Versions before macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3
Operating Systems: macOS, visionOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious app could access sensitive files like passwords, encryption keys, or personal documents stored in protected directories.

🟠

Likely Case

Malicious or compromised applications could read user data they shouldn't have access to, potentially exposing personal information.

🟢

If Mitigated

With proper app sandboxing and user permissions, impact would be limited to data accessible by the compromised app's existing permissions.

🌐 Internet-Facing: LOW - This requires local app execution, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires user to install/run malicious app, but could be combined with social engineering or other attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires malicious app to be installed and executed. No known public exploits at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3

Vendor Advisory: https://support.apple.com/en-us/126348

Restart Required: No

Instructions:

1. Open System Settings
2. Click General
3. Click Software Update
4. Install available updates
5. Follow on-screen instructions

🔧 Temporary Workarounds

Restrict App Installation (applies to: all)

Only install apps from trusted sources like the App Store or identified developers

Review App Permissions (applies to: all)

Regularly review and restrict app permissions in System Settings

🧯 If You Can't Patch

  • Implement application allowlisting to control which apps can run
  • Use endpoint detection and response (EDR) tools to monitor for suspicious file access patterns

🔍 How to Verify

Check if Vulnerable:

Check the macOS version in System Settings > General > About. If the version is below the patched version for its release line (listed above), the system is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify system version matches or exceeds patched versions: macOS Sequoia 15.7.4+, macOS Tahoe 26.3+, macOS Sonoma 14.8.4+, visionOS 26.3+
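The version check above, scripted as an added example that is not part of the advisory: it compares a product/version pair (as reported by sw_vers) against the fixed releases listed for each release line. The branch mapping and the function names are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of the advisory: compare a reported product/version pair
# against the fixed releases listed above. The branch mapping (major version to
# fixed release) and the function names are assumptions made here.

# Convert "MAJOR.MINOR.PATCH" (missing parts count as 0) to a sortable integer,
# e.g. 15.7.4 -> 15007004 and 26.3 -> 26003000.
vernum() {
    printf '%s' "$1" | awk -F. '{ printf "%d%03d%03d", $1, $2, $3 }'
}

# True (exit 0) when version $1 is strictly older than version $2.
version_lt() {
    [ "$(vernum "$1")" -lt "$(vernum "$2")" ]
}

# Print the fixed release for a product and major version; print nothing when
# the branch is not covered by this advisory.
fixed_version() {
    case "$1/$2" in
        macOS/15)    printf '15.7.4' ;;   # Sequoia
        macOS/26)    printf '26.3'   ;;   # Tahoe
        macOS/14)    printf '14.8.4' ;;   # Sonoma
        visionOS/26) printf '26.3'   ;;
    esac
}

# vuln_status <ProductName> <ProductVersion>
# Prints "vulnerable", "patched" or "unknown-branch" (exit 0, 1 or 2).
vuln_status() {
    major=${2%%.*}
    fix=$(fixed_version "$1" "$major")
    if [ -z "$fix" ]; then
        echo "unknown-branch"; return 2
    fi
    if version_lt "$2" "$fix"; then
        echo "vulnerable"; return 0
    fi
    echo "patched"; return 1
}

# On a Mac, feed the live values from sw_vers (its -productName and
# -productVersion flags exist on current macOS):
#   vuln_status "$(sw_vers -productName)" "$(sw_vers -productVersion)"
```

A release line the advisory does not list (for example macOS 13) reports "unknown-branch" rather than "patched", so an unlisted branch is never silently treated as safe.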

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns by applications
  • Multiple failed path validation attempts

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

process_access_file AND (file_path CONTAINS sensitive_directories) AND NOT (process_name IN trusted_apps)
