Denial-of-Service Vulnerability in Apple Products
CVE-2026-20650

7.5HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Mac OS; TV OS; Visionos
Vendor: CVE Published:; 11 February 2026

What is CVE-2026-20650?

A denial-of-service vulnerability has been identified that could be exploited by an attacker in a privileged network position. By sending specially crafted Bluetooth packets, an attacker may disrupt the normal functioning of devices, leading to potential downtime and service degradation. Apple has released updates including watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3, and iPadOS 26.3 that address this issue. Users are advised to update their devices promptly to mitigate this risk.

Affected Version(s)

iOS and iPadOS 0 < 26.3

macOS 0 < 26.3

tvOS 0 < 26.3

References

https://support.apple.com/en-us/126346

https://support.apple.com/en-us/126348

https://support.apple.com/en-us/126351

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2026
Vulnerability Reserved
Nov 11, 2025

CVE-2026-20650 Data

JSON