CVE-2026-20620 - Vulnerability Details

- Out-of-Bounds Read Allowing Kernel Memory Exposure and System Crash in macOS

Description

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An attacker may be able to cause unexpected system termination or read kernel memory.

Published: 2026-02-11

Score: 7.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is an out-of-bounds read identified in certain macOS releases. Improved input validation has been applied to address the flaw, but before the fix, maliciously constructed input could trigger unexpected system termination or allow read access to kernel memory.

Affected Systems

Affected systems include Apple macOS releases prior to the patched versions. The CVE references releases Sequoia 15.7.4, Sonoma 14.8.4, and Tahoe 26.3 as fixed; therefore, any macOS deployment older than those in those series is susceptible. No specific sub-versions are listed, so the risk applies to all earlier builds of these macOS releases.

Risk and Exploitability

The CVSS score is 7.7, indicating high severity, while the EPSS score is below 1%, implying a low but non‑zero likelihood of exploitation. The vulnerability is not in the CISA KEV catalog. Given the description, the attack likely requires user-supplied input and therefore is most probable in a local or privileged context. Attackers could read sensitive kernel data or cause the system to crash, compromising confidentiality or availability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 14.8.4
`0`	affected	< 15.7.4
`0`	affected	< 26.3

Configuration 1 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

Vendor Product Confidence Versions

Apple

Macos

—

Version	Status	Scheme	Platform
`[0,26.3)`	affected	generic	—

Apple

Macos

—

Version	Status	Scheme	Platform
`[0,15.7)`	affected	generic	—

Apple

Macos

—

Version	Status	Scheme	Platform
`[0,14.8)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest macOS update that resolves the out‑of‑bounds read flaw (CWE‑125).
Where immediate patching is infeasible, enforce strict input validation at the application level or isolate the vulnerable functionality to sandboxed environments to prevent boundary violations.
Continuously monitor kernel logs for unexpected crash signatures or memory access anomalies that could indicate exploitation attempts.

Generated by OpenCVE AI on April 16, 2026 at 00:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00006.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://support.apple.com/en-us/126348
https://support.apple.com/en-us/126349
https://support.apple.com/en-us/126350

History

Thu, 16 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
Title		Out-of-Bounds Read Allowing Kernel Memory Exposure and System Crash in macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An attacker may be able to cause unexpected system termination or read kernel memory.	An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An attacker may be able to cause unexpected system termination or read kernel memory.

Tue, 17 Feb 2026 13:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:apple:macos::::::::

Fri, 13 Feb 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 12 Feb 2026 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos
Vendors & Products		Apple Apple macos

Wed, 11 Feb 2026 23:15:00 +0000

Type	Values Removed	Values Added
Description		An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An attacker may be able to cause unexpected system termination or read kernel memory.
References		https://support.apple.com/en-us/126348 https://support.apple.com/en-us/126349 https://support.apple.com/en-us/126350

Subscriptions

Apple Macos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2026-02-11T22:58:16.266Z

Updated: 2026-04-02T18:13:36.594Z

Reserved: 2025-11-11T14:43:07.859Z

Link: CVE-2026-20620

Vulnrichment

Updated: 2026-02-13T20:12:56.350Z

NVD

Status : Modified

Published: 2026-02-11T23:16:05.577

Modified: 2026-04-02T19:21:11.240

Link: CVE-2026-20620

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T01:00:19Z

Weaknesses

CWE-125

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object