CVE-2026-20673

Severity score: 5.3 (MEDIUM)

📋 TL;DR

A logic flaw in Apple's mail preview functionality allows remote content to load despite the 'Load remote content in messages' setting being disabled. This affects users of macOS, iOS, and iPadOS who preview emails containing remote content. The vulnerability could expose users to tracking or malicious content.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
Versions: prior to macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default mail client configurations when previewing emails with remote content.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote attackers could exploit this to load malicious content in email previews, potentially leading to information disclosure, tracking, or malware delivery.

🟠 Likely Case

Most probable impact is privacy violation through tracking pixels or beacons loading in email previews without user consent.

🟢 If Mitigated

With proper controls, impact is limited to potential privacy leakage rather than code execution.

🌐 Internet-Facing: MEDIUM - Attackers can send malicious emails to exploit this, but requires user interaction.
🏢 Internal Only: LOW - Primarily an external threat via email delivery.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to preview a specially crafted email; no authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4

Vendor Advisory: https://support.apple.com/en-us/126347

Restart Required: No

Instructions:

1. Open System Settings > General > Software Update.
2. Install available updates for your operating system.
3. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable Mail Previews

Applies to: all

Completely disable email preview functionality to prevent exploitation.

Avoid Previewing Unknown Emails

Applies to: all

Do not preview emails from unknown senders or suspicious sources.

🧯 If You Can't Patch

  • Use alternative email clients that are not affected by this vulnerability.
  • Configure network filtering to block remote content loading from email domains.

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list.

Check Version:

  • macOS: sw_vers -productVersion
  • iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version is equal to or newer than patched versions listed.
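A version check script, added here as an example (it is not part of this advisory or of Apple's tooling), that compares a macOS version string against the fixed macOS versions the page lists; any major release the page does not name is reported as "unknown", and version strings are assumed to be purely numeric dotted values:

```shell
#!/bin/sh
# Compare two dotted numeric versions component by component.
# Prints -1, 0 or 1. Missing trailing components count as 0 (15.7 == 15.7.0).
vercmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        [ -z "$ai" ] && ai=0
        [ -z "$bi" ] && bi=0
        if [ "$ai" -lt "$bi" ]; then echo -1; return; fi
        if [ "$ai" -gt "$bi" ]; then echo 1; return; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    echo 0
}

# Minimum fixed version for each macOS major release named in the advisory.
# Majors not listed on the page return an empty string (assumption: unknown).
fixed_for_major() {
    case $1 in
        14) echo 14.8.4 ;;   # macOS Sonoma
        15) echo 15.7.4 ;;   # macOS Sequoia
        26) echo 26.3 ;;     # macOS Tahoe
        *)  echo "" ;;
    esac
}

# Prints "patched", "vulnerable" or "unknown" for a macOS version string.
check_macos_version() {
    v=$1
    major=${v%%.*}
    fixed=$(fixed_for_major "$major")
    if [ -z "$fixed" ]; then echo unknown; return; fi
    if [ "$(vercmp "$v" "$fixed")" -lt 0 ]; then echo vulnerable; else echo patched; fi
}

# When run on a Mac, check the live system using the command the advisory names.
# On other systems sw_vers is absent and the live check is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    live=$(sw_vers -productVersion)
    echo "macOS $live: $(check_macos_version "$live")"
fi
```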

📡 Detection & Monitoring

Log Indicators:

  • Mail app logs showing remote content loading despite disabled setting

Network Indicators:

  • Unexpected HTTP/HTTPS requests from mail client to external domains

SIEM Query:

source="mail.log" AND "remote content" AND "preview"
