Integer Overflow in macOS Products by Apple Leads to Heap Corruption Issues
CVE-2026-20639

7.5HIGH

Key Information:

Vendor: Apple
Status: Mac OS
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-20639?

A vulnerability in Apple’s macOS products allows for an integer overflow due to inadequate input validation. This critical flaw can be exploited through the processing of a maliciously crafted string, potentially resulting in heap corruption. The issue has been resolved in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.3, emphasizing the importance of staying updated to avoid exploitation.

Affected Version(s)

macOS 0 < 14.8.5

macOS 0 < 15.7.5

macOS 0 < 26.3

References

https://support.apple.com/en-us/126348

https://support.apple.com/en-us/126795

https://support.apple.com/en-us/126796

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Nov 11, 2025

CVE-2026-20639 Data

JSON