Description
An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen.
Published: 2026-02-11
Score: 2.4 Low
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Disclosure of Photos via Lock Screen
Action: Update
AI Analysis

Impact

An input validation flaw in Apple iOS and iPadOS allows a user with physical access to a device to view photos from the lock screen, resulting in unauthorized disclosure of personal media. The vulnerability was formally addressed by Apple in iOS 26.3 and iPadOS 26.3, ensuring that the exposed data no longer appears on the lock screen before authentication.

Affected Systems

The flaw affects devices running any iOS or iPadOS version prior to 26.3. Apple confirmed the issue in its support article and published a firmware update that eliminates the photo preview from the lock screen.

Risk and Exploitability

With a CVSS score of 2.4 the vulnerability is considered low severity. The EPSS score of less than 1% indicates a very low likelihood of exploitation in the wild, and the issue is not listed in the CISA KEV catalog. An attacker must have physical access and use the locked device; no network or remote code execution is required. Given the low exploitation probability and limited impact, the risk remains low but mitigable by patching or disabling the preview.

Generated by OpenCVE AI on April 15, 2026 at 20:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to iOS 26.3 or iPadOS 26.3 to remove the lock‑screen photo preview
  • If an update is not possible, disable photo previews on the lock screen via Settings > Photos > Show Sensitive Content
  • Store the device in a secure location to limit opportunistic physical access

Generated by OpenCVE AI on April 15, 2026 at 20:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/126346 cve-icon cve-icon
History

Wed, 15 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Title Physical Access Photo Exposure via Lock Screen on iOS and iPadOS

Thu, 19 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Tue, 17 Feb 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os
Metrics cvssV3_1

{'score': 2.4, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Thu, 12 Feb 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Vendors & Products Apple
Apple ios And Ipados

Wed, 11 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
Description An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen.
References

Subscriptions

Apple Ios And Ipados Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:20:20.003Z

Reserved: 2025-11-11T14:43:07.861Z

Link: CVE-2026-20642

cve-icon Vulnrichment

Updated: 2026-02-18T14:31:10.537Z

cve-icon NVD

Status : Modified

Published: 2026-02-11T23:16:07.227

Modified: 2026-02-18T15:18:42.033

Link: CVE-2026-20642

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T21:00:09Z

Weaknesses