Access Control Vulnerability in macOS Products by Apple
CVE-2026-20701

7.5HIGH

Key Information:

Vendor: Apple
Status: Mac OS
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-20701?

An access control vulnerability in certain macOS products has been identified, allowing applications to potentially connect to network shares without explicit user permission. This concern stems from insufficient sandbox restrictions that were previously in place. The identified issue has been resolved in the latest updates for macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4, ensuring that user consent is now required for network share connections.

Affected Version(s)

macOS 0 < 14.8.5

macOS 0 < 15.7.5

macOS 0 < 26.4

References

https://support.apple.com/en-us/126794

https://support.apple.com/en-us/126795

https://support.apple.com/en-us/126796

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Nov 11, 2025

CVE-2026-20701 Data

JSON