ByteOS Network

NVD Vulnerability Details :

CVE-2026-20677

Analyzed

Source-product-security@apple.com

Published At-11 Feb, 2026 | 23:16

Updated At-12 Feb, 2026 | 18:37

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.0	CRITICAL	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 9.0

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CPE Matches

Apple Inc.

>>ipados>>Versions before 18.7.5(exclusive)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Apple Inc.

>>ipados>>Versions from 26.0(inclusive) to 26.3(exclusive)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Apple Inc.

>>iphone_os>>Versions before 18.7.5(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Apple Inc.

>>iphone_os>>Versions from 26.0(inclusive) to 26.3(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Apple Inc.

>>macos>>Versions before 14.8.4(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Apple Inc.

>>macos>>Versions from 26.0(inclusive) to 26.3(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Apple Inc.

>>visionos>>Versions before 26.3(exclusive)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-362	Primary	nvd@nist.gov

CWE ID: CWE-362

Type: Primary

Source: nvd@nist.gov