CVE-2026-20682

5.3 MEDIUM

📋 TL;DR

A logic flaw in iOS/iPadOS note management could allow attackers to access users' deleted notes. This affects users running vulnerable versions of iOS and iPadOS who have used the Notes app. The vulnerability involves improper state management that fails to fully secure deleted content.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
Versions: Prior to iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5
Operating Systems: iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all devices running vulnerable iOS/iPadOS versions with Notes app functionality.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive deleted notes containing passwords, financial information, or personal data could be recovered by an attacker with device access.

🟠

Likely Case

Limited exposure of non-critical deleted notes to attackers with physical or remote access to the device.

🟢

If Mitigated

No exposure if patched; minimal exposure if device is secured with strong authentication and limited attack surface.

🌐 Internet-Facing: LOW - Requires local device access or sophisticated remote exploitation.
🏢 Internal Only: MEDIUM - Insider threats or compromised devices could exploit this to access sensitive deleted information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires specific conditions to access deleted notes; likely requires some level of device access or compromise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 26.3, iPadOS 26.3, iOS 18.7.5, iPadOS 18.7.5

Vendor Advisory: https://support.apple.com/en-us/126346

Restart Required: Yes

Instructions:

1. Open Settings app.
2. Tap General.
3. Tap Software Update.
4. Download and install the latest iOS/iPadOS update.
5. Restart device when prompted.

🔧 Temporary Workarounds

Disable Notes Sync

iOS/iPadOS

Turn off iCloud sync for Notes to reduce attack surface

Settings > [Your Name] > iCloud > Show All > Toggle Notes OFF

Use Secure Notes

iOS/iPadOS

Move sensitive notes to password-protected or locked notes

In Notes app: Select note > Share button > Lock Note > Set password

🧯 If You Can't Patch

  • Restrict physical access to devices and implement strong authentication (passcodes, biometrics)
  • Disable Notes app entirely via MDM if not needed for business purposes

🔍 How to Verify

Check if Vulnerable:

Check iOS/iPadOS version in Settings > General > About > Software Version

Check Version:

Settings > General > About > Software Version

Verify Fix Applied:

Confirm version is iOS 26.3/iPadOS 26.3 or iOS 18.7.5/iPadOS 18.7.5 or later
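
Because the fix ships on two release trains, a single "older than 26.3" comparison would mark a patched iOS 18.7.5 device as vulnerable. The following is an added example, not code from Apple or from this page's source, that applies the check above to a fleet inventory with numeric (not string) version comparison. The inventory format and device names are constructed, and treating major releases after 26 as patched is an assumption.

```python
"""Classify an iOS/iPadOS inventory against the CVE-2026-20682 fixed versions."""
import re

# Fixed versions as stated on this page, keyed by major release train.
FIXED = {18: (18, 7, 5), 26: (26, 3, 0)}
NEWEST_TRAIN = max(FIXED)


def parse_version(text):
    """Turn '18.7.5' into (18, 7, 5); return None for anything malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad '26.3' to (26, 3, 0)


def status(os_name, version_text):
    """Return 'patched', 'vulnerable', 'unknown' or 'not-applicable'."""
    if os_name.lower() not in ("ios", "ipados"):
        return "not-applicable"
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # do not guess; flag for manual review
    major = version[0]
    if major > NEWEST_TRAIN:
        return "patched"  # assumption: later major releases include the fix
    fixed = FIXED.get(major)
    if fixed is None:
        return "vulnerable"  # no fixed build is listed for this train
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map each device name to its status."""
    return {name: status(os_name, ver) for name, os_name, ver in inventory}


# Constructed sample inventory: (device name, OS name, reported version).
INVENTORY = [
    ("phone-01", "iOS", "18.7.5"), ("phone-02", "iOS", "18.7.4"),
    ("phone-03", "iOS", "18.7.10"), ("tablet-01", "iPadOS", "26.2.1"),
    ("tablet-02", "iPadOS", "26.3"), ("phone-04", "iOS", "17.7.2"),
    ("phone-05", "iOS", "26.3 beta"), ("laptop-01", "macOS", "15.2"),
]

if __name__ == "__main__":
    for name, result in audit(INVENTORY).items():
        print(f"{name:10} {result}")
```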

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to Notes app data stores
  • Unexpected file system access to note databases

Network Indicators:

  • Unusual iCloud sync activity for Notes data

SIEM Query:

device.os.name:("iOS" OR "iPadOS") AND (device.os.version:<18.7.5 OR (device.os.version:>=19 AND device.os.version:<26.3))
