ByteOS Network

NVD Vulnerability Details :

CVE-2026-20617

Modified

Source-product-security@apple.com

Published At-11 Feb, 2026 | 23:16

Updated At-02 Apr, 2026 | 19:21

A race condition was addressed with improved state handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to gain root privileges.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.0	HIGH	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	7.0	HIGH	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 7.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Apple Inc.

>>ipados>>Versions before 26.3(exclusive)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Apple Inc.

>>iphone_os>>Versions before 26.3(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Apple Inc.

>>macos>>Versions from 14.0(inclusive) to 14.8.4(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Apple Inc.

>>macos>>Versions from 26.0(inclusive) to 26.3(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Apple Inc.

>>tvos>>Versions before 26.3(exclusive)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Apple Inc.

>>visionos>>Versions before 26.3(exclusive)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Apple Inc.

>>watchos>>Versions before 26.3(exclusive)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-362	Primary	nvd@nist.gov
CWE-362	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-362

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-362

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0