Login Sign Up

CVE-2026-20628

7.1 HIGH

📋 TL;DR

This CVE describes a sandbox escape vulnerability in multiple Apple operating systems where an app can bypass its security restrictions. It affects users of watchOS, tvOS, macOS, iOS, iPadOS, and visionOS who haven't applied the latest security updates. The vulnerability allows malicious apps to access resources outside their designated sandbox.

💻 Affected Systems

Products:
  • watchOS
  • tvOS
  • macOS
  • iOS
  • iPadOS
  • visionOS
Versions: Versions before watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, visionOS 26.3, iOS 26.3, iPadOS 26.3
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. The vulnerability requires a malicious app to be installed.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

A malicious app could gain full system access, steal sensitive data, install persistent malware, or compromise other apps and system services.

🟠

Likely Case

Malicious apps could access user data from other apps, modify system settings, or perform unauthorized actions with elevated privileges.

🟢

If Mitigated

With proper app vetting and security controls, risk is limited to zero-day exploits from untrusted app sources.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed and executed. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, visionOS 26.3, iOS 26.3, iPadOS 26.3

Vendor Advisory: https://support.apple.com/en-us/126346

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/visionOS. 2. Go to System Settings > General > Software Update on macOS. 3. Go to Settings > System > Software Updates on tvOS. 4. Download and install the latest security update. 5. Restart the device after installation.

🔧 Temporary Workarounds

Restrict App Installation

all

Only install apps from trusted sources like the official App Store and avoid sideloading or third-party app stores.

🧯 If You Can't Patch

  • Implement strict app vetting and only allow installation of trusted, verified applications
  • Use mobile device management (MDM) solutions to enforce security policies and restrict app installation

🔍 How to Verify

Check if Vulnerable:

Check the current OS version against the patched versions listed in the affected systems section.

Check Version:

iOS/iPadOS/watchOS/visionOS: Settings > General > About > Version. macOS: Apple menu > About This Mac. tvOS: Settings > General > About

Verify Fix Applied:

Verify the OS version matches or exceeds the patched versions: watchOS 26.3+, tvOS 26.3+, macOS Tahoe 26.3+, macOS Sonoma 14.8.4+, macOS Sequoia 15.7.4+, iOS 18.7.5+, iPadOS 18.7.5+, visionOS 26.3+, iOS 26.3+, iPadOS 26.3+

📡 Detection & Monitoring

Log Indicators:

  • Unusual app behavior logs
  • Sandbox violation logs in system logs
  • Unexpected permission requests from apps

Network Indicators:

  • Unusual network connections from apps that shouldn't have network access

SIEM Query:

Search for sandbox violation events or unexpected app behavior in Apple device logs

📊 Metadata

CVE ID: CVE-2026-20628
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE: CWE-284
EPSS Score: 0.01% exploit probability (0.8th percentile)
Published: February 11, 2026
Last Updated: February 17, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-20628, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)