CVE-2026-20653

5.5 MEDIUM

📋 TL;DR

A path validation vulnerability in Apple operating systems allows applications to access sensitive user data through improper directory path parsing. This affects macOS, iOS, iPadOS, and visionOS users running vulnerable versions. The issue could lead to unauthorized data access by malicious applications.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • visionOS
Versions: Versions before macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, visionOS 26.3, iOS 26.3, iPadOS 26.3
Operating Systems: macOS, iOS, iPadOS, visionOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of the affected versions are vulnerable. Exploitation requires getting an attacker-controlled app to run on the device; the vendor advisory gives no further exploit details.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious app gains full access to sensitive user data including documents, credentials, and personal information stored in vulnerable directory paths.

🟠

Likely Case

Malicious app accesses limited sensitive data from improperly validated directory paths, potentially exposing user documents or configuration files.

🟢

If Mitigated

Once the fix is applied and normal app sandboxing and privacy controls are in place, an app is confined to the data its entitlements and user-granted permissions allow. Note that sandboxing alone is not a mitigation here: the bug is in the OS-side path validation, so an unpatched system can be exploited by a sandboxed app.

🌐 Internet-Facing: LOW - This requires local app execution, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires user to install/run malicious app, but could be exploited via social engineering or compromised legitimate apps.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: MEDIUM

Requires malicious app installation/execution. No public exploit details available. Likely requires app development knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, visionOS 26.3, iOS 26.3, iPadOS 26.3

Vendor Advisory: https://support.apple.com/en-us/126346

Restart Required: Yes

Instructions:

  1. macOS: open System Settings > General > Software Update. iOS, iPadOS and visionOS: open Settings > General > Software Update.
  2. Install the available update (the patched version for your release train is listed above).
  3. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation (all platforms)

Only install apps from trusted sources such as the App Store to reduce the chance of running a malicious app. On macOS, keep Gatekeeper enabled (System Settings > Privacy & Security, "Allow applications from"). This lowers the likelihood of exploitation but does not remove the bug: a legitimate app compromised through its supply chain could still exploit it.

Review App Permissions (all platforms)

Regularly review and restrict app permissions under System Settings > Privacy & Security on macOS and Settings > Privacy & Security on iOS, iPadOS and visionOS. Remove Files and Folders / Full Disk Access grants that an app does not need.

🧯 If You Can't Patch

  • Implement strict app installation policies allowing only verified applications
  • Use mobile device management (MDM) to enforce security controls and monitor for suspicious app behavior

🔍 How to Verify

Check if Vulnerable:

Compare the installed OS version with the patched version for the same release train (macOS 14.x against 14.8.4, macOS 15.x against 15.7.4, macOS/iOS/iPadOS/visionOS 26.x against 26.3, iOS/iPadOS 18.x against 18.7.5). A system is vulnerable if it runs an older build of its train; for example macOS 15.7.3 is vulnerable even though 15.7.3 is numerically newer than 14.8.4. Release trains not listed in the advisory have no fix to compare against.

Check Version:

  • macOS: sw_vers -productVersion
  • iOS/iPadOS: Settings > General > About > Version
  • visionOS: Settings > General > About > Version

Verify Fix Applied:

Verify that the OS version matches or exceeds the patched version for its release train, as listed under Official Fix > Patch Version above.
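The comparison described above, as an added example that is not from Apple or the advisory: the fixed versions are the ones listed under Official Fix on this page, and the check is done per release train because Apple ships a separate fix for each train. The `sw_vers` call is only used when the script runs on macOS; the `is_vulnerable` function takes any product and version string so it can be run against inventory data from an MDM export.

```python
"""Version check for CVE-2026-20653.

Added example, not from Apple or the advisory. The fixed versions below
are the ones listed under Official Fix on this page; the release-train
mapping (e.g. macOS 15.x -> 15.7.4) is how Apple's per-train fixes have
to be compared, since a macOS 15.7.3 host is vulnerable even though
15.7.3 > 14.8.4.
"""
import subprocess
from typing import Optional, Tuple

# Fixed version per (product, major release train), from the page above.
PATCHED = {
    ("macOS", 14): "14.8.4",    # Sonoma
    ("macOS", 15): "15.7.4",    # Sequoia
    ("macOS", 26): "26.3",      # Tahoe
    ("iOS", 18): "18.7.5",
    ("iOS", 26): "26.3",
    ("iPadOS", 18): "18.7.5",
    ("iPadOS", 26): "26.3",
    ("visionOS", 26): "26.3",
}


def parse_version(v: str) -> Tuple[int, int, int]:
    """'15.7.4' -> (15, 7, 4); '26.3' -> (26, 3, 0) so tuples compare cleanly."""
    parts = [int(p) for p in v.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {v!r}")
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def is_vulnerable(product: str, version: str) -> Optional[bool]:
    """True if `version` predates the fix for its own release train.

    Returns None when the train is not covered by the advisory (for
    example macOS 13): there is no fix to compare against, which for
    planning purposes should be treated as unpatched, not as safe.
    """
    parsed = parse_version(version)
    fixed = PATCHED.get((product, parsed[0]))
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


def local_macos_version() -> Optional[str]:
    """Read the running macOS version via `sw_vers -productVersion`.

    Returns None when sw_vers is absent (non-macOS host).
    """
    try:
        out = subprocess.run(["sw_vers", "-productVersion"],
                             capture_output=True, text=True, check=True)
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip()


if __name__ == "__main__":
    v = local_macos_version()
    if v is None:
        print("sw_vers not found; call is_vulnerable(product, version) directly")
    else:
        state = is_vulnerable("macOS", v)
        verdict = {True: "VULNERABLE", False: "patched",
                   None: "train not covered by advisory"}[state]
        print(f"macOS {v}: {verdict}")
```

Run it on a Mac with `python3 check.py`, or import `is_vulnerable` and feed it the product and version columns of a device inventory. A `None` result means the device runs a train the advisory does not list, which is an unsupported OS and should be escalated rather than marked safe.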

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns by applications
  • App accessing directories outside normal scope

Network Indicators:

  • Not network exploitable - focus on local system monitoring

SIEM Query:

  • Process accessing sensitive directories with unusual path patterns
  • App execution followed by abnormal file access
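The log and SIEM indicators above in runnable form, as an added example over constructed log lines (not an Apple or vendor query). It flags two things: an access whose raw path only reaches its target after `.`, `..` or `//` components are collapsed, which is the shape a path-validation bypass typically leaves in file-access telemetry, and a process touching a user-data directory it has no business in. The log format, the sensitive-directory list and the per-directory process allowlist are assumptions for the example; the advisory gives no exploit details, so treat the heuristic as a starting point for your own endpoint telemetry, not as a signature for this CVE.

```python
"""Heuristic detector for the log indicators above.

Added example over constructed log lines; it is not an Apple or vendor
query. It flags (1) an access whose raw path only reaches its target
after '.', '..' or '//' are collapsed, and (2) a process touching a
user-data directory it is not expected in. The log format, directory
list and process allowlist are assumptions for the example.
"""
import posixpath
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, tab-separated: time, process, event, path.
SAMPLE_LOG = """\
2026-01-20T10:01:02Z\tMail\topen\t/Users/alice/Library/Mail/V10/INBOX.mbox/messages.db
2026-01-20T10:01:05Z\tFunGame\topen\t/Users/alice/Library/Containers/com.example.FunGame/Data/prefs.plist
2026-01-20T10:01:07Z\tFunGame\topen\t/Users/alice/Library/Containers/com.example.FunGame/Data/../../../Messages/chat.db
2026-01-20T10:01:09Z\tFunGame\topen\t/Users/alice/Library//Safari/History.db
2026-01-20T10:01:11Z\tTextEdit\topen\t/Users/alice/Documents/notes.txt
"""

# Home-relative directories holding sensitive user data. Illustrative
# list for the example, not a transcription of Apple's privacy (TCC) policy.
SENSITIVE = ("Library/Mail", "Library/Messages", "Library/Safari",
             "Library/Keychains", "Documents", "Desktop")

# Processes expected in each directory; an assumption to be tuned per fleet.
ALLOWED = {
    "Library/Mail": {"Mail"},
    "Library/Messages": {"Messages"},
    "Library/Safari": {"Safari"},
    "Documents": {"Finder", "TextEdit"},
    "Desktop": {"Finder"},
}


@dataclass
class Finding:
    time: str
    process: str
    raw_path: str
    resolved: str
    reason: str


def resolved_path(raw: str) -> str:
    """Lexically collapse '.', '..' and repeated slashes.

    This never touches the disk, so symlink hops are not resolved; a
    host-side detector would use os.path.realpath on the live system.
    """
    return posixpath.normpath(raw)


def home_relative(path: str) -> Optional[str]:
    """'/Users/alice/Documents/x' -> 'Documents/x'; None outside /Users/<name>."""
    parts = path.split("/")
    if len(parts) > 3 and parts[1] == "Users":
        return "/".join(parts[3:])
    return None


def sensitive_dir(rel: Optional[str]) -> Optional[str]:
    """Return the SENSITIVE entry that `rel` falls under, if any."""
    if rel is None:
        return None
    for d in SENSITIVE:
        if rel == d or rel.startswith(d + "/"):
            return d
    return None


def analyze(log: str) -> List[Finding]:
    """Run both heuristics over every log line and return the hits."""
    findings: List[Finding] = []
    for line in log.splitlines():
        time, proc, _event, raw = line.split("\t")
        norm = resolved_path(raw)
        reasons = []
        if norm != raw:
            reasons.append("non-canonical path")
        hit = sensitive_dir(home_relative(norm))
        if hit and proc not in ALLOWED.get(hit, set()):
            reasons.append(f"unexpected access to {hit}")
        if reasons:
            findings.append(Finding(time, proc, raw, norm, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.time} {f.process}: {f.reason}")
        print(f"    raw={f.raw_path}")
        print(f"    resolved={f.resolved}")
```

On the constructed sample only the two FunGame lines fire: the `..` chain climbs out of the app container into Library/Messages, and the doubled slash reaches Safari history. Mail and TextEdit pass because they are in the allowlist for the directories they touch. The comparison of raw versus normalized path is the useful part for this class of bug; the allowlist is noisy in practice and belongs in a tuning layer rather than a hard rule.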
