CVE-2026-20660_CVE-2026-20660

5.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Description

A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary files.

Basic Information

ID CVE-2026-20660

Source apple

Published Feb 11, 2026 at 22:58

Modified Feb 13, 2026 at 17:44

Affected Product

Vendor Apple

Product Safari

Version unspecified

Affected Versions Apple Safari unspecified
Apple macOS unspecified
Apple visionOS unspecified
Apple macOS unspecified
Apple iOS and iPadOS unspecified
Apple iOS and iPadOS unspecified

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary files.",
    "published": "2026-02-11T22:58:27.396Z",
    "modified": "2026-02-13T17:44:39.836Z",
    "type": "cve",
    "title": "CVE-2026-20660",
    "source": "apple",
    "references": "https://support.apple.com/en-us/126354\nhttps://support.apple.com/en-us/126348\nhttps://support.apple.com/en-us/126353\nhttps://support.apple.com/en-us/126350\nhttps://support.apple.com/en-us/126346\nhttps://support.apple.com/en-us/126347",
    "id": "CVE-2026-20660",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Apple Safari unspecified\nApple macOS unspecified\nApple visionOS unspecified\nApple macOS unspecified\nApple iOS and iPadOS unspecified\nApple iOS and iPadOS unspecified",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Safari",
    "version": "unspecified",
    "vendor": "Apple",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}