CVE-2026-20684 - Vulnerability Details

- macOS Gatekeeper Bypass through Permissions Issue

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.4. An app may bypass Gatekeeper checks.

Published: 2026-03-25

Score: 3.3 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A permissions flaw permitted applications to bypass Gatekeeper’s enforcement of signed–application requirements on Apple macOS. This weakness enables a local user or malicious app to execute binary code that Apple’s security policy normally blocks, effectively undermining the integrity of the operating system by permitting unverified software to run.

Affected Systems

Apple macOS versions prior to the 26.4 update are affected. The issue was addressed with additional restrictions in macOS Tahoe 26.4. The exact scope of earlier releases is not listed, but any macOS build that predates 26.4 remains vulnerable.

Risk and Exploitability

The CVSS score of 3.3 indicates low impact when considered alone, and the EPSS score of less than 1% shows that exploitation is unlikely at this time. It is not catalogued in CISA’s KEV database. The likely attack vector is local execution: a user who can place a signed‑certificate‑missing app on the system can launch it and gain the privileges it requests. While the vulnerability does not grant remote code execution or privilege escalation beyond what the app requests, it does break a key security boundary that normally restricts software origins.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 26.4

Configuration 1 [-]

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Apple

Macos

100%

Version	Status	Scheme	Platform
`[0,26.4)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install macOS update 26.4 or later, following Apple’s update procedures
Verify the installed macOS version via System Information to ensure the patch is applied
If the system cannot be updated immediately, prevent the use of unsigned applications by enforcing Gatekeeper settings through configuration profiles

Generated by OpenCVE AI on March 27, 2026 at 10:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://support.apple.com/en-us/126794

History

Fri, 27 Mar 2026 20:30:00 +0000

Type	Values Removed	Values Added
Title		macOS Gatekeeper Bypass through Permissions Issue
Weaknesses		CWE-732

Fri, 27 Mar 2026 09:30:00 +0000

Type	Values Removed	Values Added
Title	Gatekeeper Bypass via Permissions Issue
Weaknesses	CWE-284 CWE-732

Thu, 26 Mar 2026 14:00:00 +0000

Type	Values Removed	Values Added
Title		Gatekeeper Bypass via Permissions Issue
Weaknesses		CWE-284 CWE-732

Thu, 26 Mar 2026 12:30:00 +0000

Type	Values Removed	Values Added
Title	Gatekeeper Bypass via Permissions Issue in macOS
Weaknesses	CWE-284

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Title		Gatekeeper Bypass via Permissions Issue in macOS
Weaknesses		CWE-284

Wed, 25 Mar 2026 18:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:apple:macos::::::::

Wed, 25 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 25 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos
Vendors & Products		Apple Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type	Values Removed	Values Added
Description		A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.4. An app may bypass Gatekeeper checks.
References		https://support.apple.com/en-us/126794

Subscriptions

Apple Macos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2026-03-25T00:31:32.329Z

Updated: 2026-04-02T18:07:48.213Z

Reserved: 2025-11-11T14:43:07.873Z

Link: CVE-2026-20684

Vulnrichment

Updated: 2026-03-25T15:16:02.130Z

NVD

Status : Analyzed

Published: 2026-03-25T01:17:05.387

Modified: 2026-03-25T20:53:21.823

Link: CVE-2026-20684

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T15:48:05Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object