CVE-2026-20641

7.1 HIGH

📋 TL;DR

This CVE describes a privacy vulnerability in Apple operating systems where an app could potentially identify what other apps a user has installed, exposing sensitive user data. It affects multiple Apple platforms including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. The issue has been addressed through improved checks in updated versions.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • watchOS
  • tvOS
  • visionOS
Versions: Prior to watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, visionOS 26.3, iOS 26.3, and iPadOS 26.3
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems are vulnerable until patched.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could profile a user's app usage patterns, potentially leading to targeted attacks, privacy violations, or data leakage about personal interests and habits.

🟠 Likely Case

Malicious apps could gather information about installed apps for advertising profiling, competitive intelligence, or minor privacy intrusions without direct data theft.

🟢 If Mitigated

With proper controls like app sandboxing and updated systems, the risk is limited to minimal privacy exposure with no direct system compromise.

🌐 Internet-Facing: LOW - This vulnerability requires local app execution and does not directly expose systems to remote exploitation over the internet.
🏢 Internal Only: MEDIUM - Malicious apps installed on devices could exploit this locally to gather sensitive user information within organizational environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed on the target device, leveraging improper checks to access app installation data.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, visionOS 26.3, iOS 26.3, iPadOS 26.3

Vendor Advisory: https://support.apple.com/en-us/126346

Restart Required: No

Instructions:

1. Open Settings on the device.
2. Go to General > Software Update.
3. Download and install the latest available update.
4. Ensure the device is connected to power and Wi-Fi during the update.

🔧 Temporary Workarounds

Restrict App Installations (all platforms)

Limit app installations to trusted sources only, such as the official App Store, to reduce the risk of malicious apps exploiting this vulnerability.

🧯 If You Can't Patch

  • Implement strict app vetting policies to prevent installation of untrusted or suspicious applications.
  • Use mobile device management (MDM) solutions to enforce security controls and monitor for unusual app behavior.

🔍 How to Verify

Check if Vulnerable:

Check the current OS version against the patched versions listed in the affected systems section.

Check Version:

On iOS/iPadOS: Settings > General > About > Version. On macOS: Apple menu > About This Mac > macOS version.

Verify Fix Applied:

Confirm that the OS version matches or exceeds the patched versions after updating.
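For fleet-wide verification, the manual version check above can be encoded as a small script. This is an added example, not part of the advisory or Apple's tooling; it hard-codes the fixed versions listed on this page and compares a reported version against the fix for its own release branch (macOS 14.x against 14.8.4, not against 26.3). Branches the advisory does not list return an "unknown" result rather than a false "patched". The only outside assumption is that `sw_vers -productVersion` prints a dotted version string on macOS.

```python
"""Check whether an Apple OS version carries the fix for CVE-2026-20641."""
import subprocess

# Fixed versions per product and major-version branch, taken from this
# advisory. Each branch that received a fix has its own fixed version.
FIXED_VERSIONS = {
    "macOS":    {14: (14, 8, 4), 15: (15, 7, 4), 26: (26, 3)},
    "iOS":      {18: (18, 7, 5), 26: (26, 3)},
    "iPadOS":   {18: (18, 7, 5), 26: (26, 3)},
    "watchOS":  {26: (26, 3)},
    "tvOS":     {26: (26, 3)},
    "visionOS": {26: (26, 3)},
}


def parse_version(text):
    """'15.7.4' -> (15, 7, 4); tuples compare correctly even at
    different lengths, e.g. (26, 3) < (26, 3, 1) and (14, 8) < (14, 8, 4)."""
    return tuple(int(part) for part in text.strip().split("."))


def is_patched(product, version):
    """True if the version includes the fix, False if it is still
    vulnerable, None if the advisory lists no fix for that branch
    (so it must be assessed separately, not assumed safe)."""
    branches = FIXED_VERSIONS.get(product)
    if branches is None:
        raise ValueError(f"unknown product {product!r}")
    parsed = parse_version(version)
    fixed = branches.get(parsed[0])
    if fixed is None:
        return None
    return parsed >= fixed


def local_macos_version():
    """Read the running macOS version via sw_vers (macOS only)."""
    out = subprocess.run(["sw_vers", "-productVersion"],
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


if __name__ == "__main__":
    ver = local_macos_version()
    state = {True: "patched", False: "VULNERABLE", None: "branch not listed"}
    print(f"macOS {ver}: {state[is_patched('macOS', ver)]}")
```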

📡 Detection & Monitoring

Log Indicators:

  • Unusual app behavior logs indicating attempts to access system app lists or privacy-related APIs without proper authorization.

Network Indicators:

  • No direct network indicators as this is a local privacy issue.

SIEM Query:

Search for events related to app installation checks or privacy API accesses from untrusted apps on Apple devices.