Logic Issue in Apple Products Allows Potential Sandbox Breakout
CVE-2026-20667

8.8HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Mac OS; Watch OS
Vendor: CVE Published:; 11 February 2026

What is CVE-2026-20667?

A logic issue in various Apple operating systems was identified that could potentially allow applications to escape their sandbox environments. This could lead to unauthorized access to system resources or user data. Apple has addressed this vulnerability with improved validation checks in the latest updates of watchOS, macOS, iOS, and iPadOS. Users are advised to update their devices to the latest versions to mitigate this risk.

Affected Version(s)

iOS and iPadOS 0 < 26.3

macOS 0 < 14.8.4

macOS 0 < 15.7.4

References

https://support.apple.com/en-us/126346

https://support.apple.com/en-us/126348

https://support.apple.com/en-us/126349

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2026
Vulnerability Reserved
Nov 11, 2025

CVE-2026-20667 Data

JSON