CVE-2026-20680

Sandboxed App Observability Bypass Leading to Sensitive Data Exposure

Description

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. A sandboxed app may be able to access sensitive user data.

INFO

Published Date :

2026-02-11T22:58:35.657Z

Last Modified :

2026-04-02T18:19:32.387Z

Source :

apple

AFFECTED PRODUCTS

The following products are affected by CVE-2026-20680 vulnerability.

Vendors	Products
Apple	Ios And Ipados Ipados Iphone Os Macos

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-20680.

URL	Resource
https://support.apple.com/en-us/126346
https://support.apple.com/en-us/126347
https://support.apple.com/en-us/126348
https://support.apple.com/en-us/126349
https://support.apple.com/en-us/126350

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact