Login Sign Up

CVE-2026-20675

5.5 MEDIUM

📋 TL;DR

This CVE describes an image processing vulnerability in Apple operating systems where improper bounds checks could allow maliciously crafted images to disclose user information. The vulnerability affects multiple Apple platforms including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. Attackers could exploit this by tricking users into processing specially crafted images.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • watchOS
  • tvOS
  • visionOS
Versions: Versions prior to the fixed versions listed in the description
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems are vulnerable. The vulnerability is in the image processing subsystem.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive user data disclosure including potentially personal information, photos, or device data through malicious image processing.

🟠

Likely Case

Limited information disclosure from image processing contexts, potentially exposing metadata or adjacent memory contents.

🟢

If Mitigated

No impact if systems are patched or if malicious images are prevented from reaching vulnerable systems.

🌐 Internet-Facing: MEDIUM - Exploitation requires user interaction with malicious images, but many attack vectors exist (web, email, messaging).
🏢 Internal Only: LOW - Requires user interaction with malicious content, reducing risk in controlled environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to process a malicious image. The CWE-77 (Improper Neutralization of Special Elements) suggests command injection or similar issues in image processing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, visionOS 26.3, iOS 26.3, iPadOS 26.3

Vendor Advisory: https://support.apple.com/en-us/126346

Restart Required: No

Instructions:

1. Open Settings app. 2. Navigate to General > Software Update. 3. Download and install the latest available update for your device. 4. For macOS, open System Settings > General > Software Update.

🔧 Temporary Workarounds

Disable automatic image processing

all

Prevent automatic processing of images in email clients, messaging apps, and web browsers where possible.

Use content filtering

all

Implement network-level content filtering to block suspicious image files from external sources.

🧯 If You Can't Patch

  • Implement strict image file type restrictions in email gateways and web proxies
  • Educate users to avoid opening images from untrusted sources and disable automatic image loading

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions. If running versions prior to the fixed versions listed, the system is vulnerable.

Check Version:

iOS/iPadOS: Settings > General > About > Version. macOS: Apple menu > About This Mac > macOS version. watchOS: Watch app on iPhone > General > About > Version.

Verify Fix Applied:

Verify OS version matches or exceeds the fixed versions: watchOS 26.3+, tvOS 26.3+, macOS Tahoe 26.3+, macOS Sonoma 14.8.4+, macOS Sequoia 15.7.4+, iOS 18.7.5+, iPadOS 18.7.5+, visionOS 26.3+, iOS 26.3+, iPadOS 26.3+.

📡 Detection & Monitoring

Log Indicators:

  • Unusual image processing errors in system logs
  • Crashes in image-related processes

Network Indicators:

  • Unusual image downloads from suspicious sources
  • Multiple failed image processing attempts

SIEM Query:

source="apple_system_logs" AND (process="image" OR process="graphics") AND (event="crash" OR event="error")

📊 Metadata

CVE ID: CVE-2026-20675
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE: CWE-77
EPSS Score: 0.01% exploit probability (1.6th percentile)
Published: February 11, 2026
Last Updated: February 17, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-20675, you might also want to check these:

CVE-2024-48841 10.0

This critical vulnerability in FLXEON software allows remote attackers to execute arbitrary code wit...

Same vulnerability type (CWE-77)
CVE-2025-59818 10.0

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulati...

Same vulnerability type (CWE-77)
CVE-2024-28354 10.0

This is a critical command injection vulnerability in TRENDnet TEW-827DRU routers that allows remote...

Same vulnerability type (CWE-77)