Logic Flaw in Apple Products Exposes User Safari History
CVE-2026-20656

3.3LOW

Key Information:

Vendor: Apple
Status: Safari; iOS And iPad OS; Mac OS
Vendor: CVE Published:; 11 February 2026

What is CVE-2026-20656?

A logic issue in Apple's software has been identified that could potentially allow applications to gain access to a user's Safari browsing history without appropriate permission. This vulnerability has been addressed with improved validation in the latest updates for iOS, iPadOS, Safari, and macOS Tahoe. Users are advised to upgrade to the latest software versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

iOS and iPadOS 0 < 18.7.5

macOS 0 < 26.3

Safari 0 < 26.3

References

https://support.apple.com/en-us/126347

https://support.apple.com/en-us/126348

https://support.apple.com/en-us/126354

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2026
Vulnerability Reserved
Nov 11, 2025

CVE-2026-20656 Data

JSON