CVE-2026-20626 - Vulnerability Details

- Root Privilege Escalation via Malicious App on Apple Platforms

Description

This issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.

Published: 2026-02-11

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A missing authorization check allows a malicious application to gain root privileges on affected Apple operating systems. This flaw can be leveraged to execute privileged code, modify system files or settings, and potentially install persistence mechanisms. The primary weakness is identified as CWE-862: Missing Authorization. The vulnerability directly compromises confidentiality, integrity, and availability for any user who runs the malicious app.

Affected Systems

Apple iOS 26.3, iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3 are affected. Broad OS versions of iPhone, iPad, Mac and visionOS devices are impacted, as reflected in the cpe strings for iOS, iPadOS, macOS and visionOS.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. Attackers would typically install a malicious app on the device, which then abuses the missing authorization to elevate privileges. No external conditions beyond the ability to run an app on the device are required.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

iOS and iPadOS

affected

Version	Status	Constraints
`0`	affected	< 26.3

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 15.7.4
`0`	affected	< 26.3

Apple

visionOS

affected

Version	Status	Constraints
`0`	affected	< 26.3

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:visionos::::::::

No data.

Vendor Product Confidence Versions

Apple

Ios And Ipados

—

Version	Status	Scheme	Platform
`[0,26.3)`	affected	generic	—

Apple

Macos

—

Version	Status	Scheme	Platform
`[0,26.3)`	affected	generic	—

Apple

Macos

—

Version	Status	Scheme	Platform
`[0,15.7)`	affected	generic	—

Apple

Visionos

—

Version	Status	Scheme	Platform
`[0,26.3)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install the latest supported operating system updates (iOS 26.3, iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3).
Restrict the installation of applications to trusted sources and enforce MDM policies that prevent sideloading of unverified apps.
Monitor device logs for anomalous processes running with root privileges and investigate any unexpected activity.

Generated by OpenCVE AI on April 15, 2026 at 21:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://support.apple.com/en-us/126346
https://support.apple.com/en-us/126348
https://support.apple.com/en-us/126349
https://support.apple.com/en-us/126353

History

Wed, 15 Apr 2026 21:30:00 +0000

Type	Values Removed	Values Added
Title		Root Privilege Escalation via Malicious App on Apple Platforms

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.	This issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.

Thu, 12 Feb 2026 22:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple ipados Apple iphone Os
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:visionos::::::::
Vendors & Products		Apple ipados Apple iphone Os

Thu, 12 Feb 2026 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-862
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 12 Feb 2026 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ios And Ipados Apple macos Apple visionos
Vendors & Products		Apple Apple ios And Ipados Apple macos Apple visionos

Wed, 11 Feb 2026 23:15:00 +0000

Type	Values Removed	Values Added
Description		This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.
References		https://support.apple.com/en-us/126346 https://support.apple.com/en-us/126348 https://support.apple.com/en-us/126349 https://support.apple.com/en-us/126353

Subscriptions

Apple Ios And Ipados Ipados Iphone Os Macos Visionos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2026-02-11T22:58:06.193Z

Updated: 2026-04-02T18:09:23.121Z

Reserved: 2025-11-11T14:43:07.860Z

Link: CVE-2026-20626

Vulnrichment

Updated: 2026-02-12T16:05:09.827Z

NVD

Status : Modified

Published: 2026-02-11T23:16:06.083

Modified: 2026-04-02T19:21:12.247

Link: CVE-2026-20626

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T21:15:13Z

Weaknesses

CWE-862

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object