CVE-2026-20661_CVE-2026-20661

4.6 / 10

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.

Basic Information

ID CVE-2026-20661

Source apple

Published Feb 11, 2026 at 22:58

Modified Feb 18, 2026 at 15:09

Affected Product

Vendor Apple

Product iOS and iPadOS

Version unspecified

Affected Versions Apple iOS and iPadOS unspecified
Apple iOS and iPadOS unspecified

CWE Classification

CWE-285

References

{
    "lastseen": "",
    "description": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.",
    "published": "2026-02-11T22:58:13.600Z",
    "modified": "2026-02-18T15:09:21.208Z",
    "type": "cve",
    "title": "CVE-2026-20661",
    "source": "apple",
    "references": "https://support.apple.com/en-us/126346\nhttps://support.apple.com/en-us/126347",
    "id": "CVE-2026-20661",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "Apple iOS and iPadOS unspecified\nApple iOS and iPadOS unspecified",
    "sourceHref": "",
    "cvss": {
        "score": 4.6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iOS and iPadOS",
    "version": "unspecified",
    "vendor": "Apple",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}