Description
A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.
Published: 2026-02-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

The vulnerability permits an attacker with a privileged network position to send specially crafted Bluetooth packets that trigger a denial‑of‑service condition in Apple operating systems. If successfully exploited, the affected device may crash, halt services, or become entirely unresponsive, compromising availability. The weakness is a resource exhaustion flaw, identified as CWE‑400.

Affected Systems

Apple’s iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are affected. The flaw exists in all builds of each operating system prior to version 26.3, the update that introduced improved packet validation.

Risk and Exploitability

The CVSS score of 7.5 places the issue in the high‑severity range. However, the EPSS score is less than 1%, indicating a very low likelihood of exploitation in the wild at present. The flaw is reachable only where an attacker can transmit Bluetooth traffic to the target device, which typically means physical proximity or a compromised Bluetooth network. The vulnerability is not listed in the CISA KEV catalog, so there is no known widespread exploitation, but the operational impact of a successful denial‑of‑service attack could still be significant for critical services.

Generated by OpenCVE AI on April 15, 2026 at 21:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade all affected Apple operating systems to version 26.3 or later to deploy the patched Bluetooth input validation.
  • Disable Bluetooth on devices that are not required to use it or isolate them from networks where an attacker could send crafted packets.
  • Monitor device logs for abnormal Bluetooth traffic or crashes after the update and maintain network segmentation to prevent privileged access.



Advisories

No advisories yet.

History

Wed, 15 Apr 2026 21:30:00 +0000

Type: Title
Values Added: Denial of Service via Crafted Bluetooth Packets in Apple Operating Systems

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.
Values Added: A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.

Fri, 13 Feb 2026 15:00:00 +0000

Type: First Time appeared
Values Added: Apple ipados; Apple iphone Os

Type: CPEs
Values Added:
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apple ipados; Apple iphone Os

Thu, 12 Feb 2026 22:15:00 +0000

Type: Weaknesses
Values Added: CWE-400

Type: Metrics
Values Added:
cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Feb 2026 09:45:00 +0000

Type: First Time appeared
Values Added: Apple; Apple ios And Ipados; Apple macos; Apple tvos; Apple visionos; Apple watchos

Type: Vendors & Products
Values Added: Apple; Apple ios And Ipados; Apple macos; Apple tvos; Apple visionos; Apple watchos

Wed, 11 Feb 2026 23:15:00 +0000

Type: Description
Values Added: A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.

References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:12:07.639Z

Reserved: 2025-11-11T14:43:07.864Z

Link: CVE-2026-20650

Vulnrichment

Updated: 2026-02-12T21:25:27.744Z

NVD

Status : Modified

Published: 2026-02-11T23:16:07.927

Modified: 2026-04-02T19:21:17.440

Link: CVE-2026-20650

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T21:15:13Z
