CVE-2026-20667

Sandbox Enforcement Logic Flaw Allowing Application Breakout

Description

A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox.

INFO

Published Date :

2026-02-11T22:58:03.531Z

Last Modified :

2026-04-02T18:08:57.940Z

Source :

apple

AFFECTED PRODUCTS

The following products are affected by CVE-2026-20667 vulnerability.

Vendors	Products
Apple	Ios And Ipados Ipados Iphone Os Macos Watchos

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-20667.

URL	Resource
https://support.apple.com/en-us/126346
https://support.apple.com/en-us/126348
https://support.apple.com/en-us/126349
https://support.apple.com/en-us/126350
https://support.apple.com/en-us/126352

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact