← back
CVE-2026-20677

CVE-2026-20677

CVSS 9 CRITICALEPSS 0.3%CWE-367
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A race condition was addressed with improved handling of symbolic links. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A shortcut may be able to bypass sandbox restrictions.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOSApple · macOSApple · visionOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.apple.com/en-us/126346https://support.apple.com/en-us/126347https://support.apple.com/en-us/126348https://support.apple.com/en-us/126350https://support.apple.com/en-us/126353