Vulnerability-Lookup

CVE-2026-20686 (GCVE-0-2026-20686)

Vulnerability from cvelistv5 – Published: 2026-03-25 00:32 – Updated: 2026-03-25 00:32

Summary

This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

Severity ?

No CVSS data available.

CWE

An app may be able to access sensitive user data

Assigner

apple

References

URL

	Vendor	Product	Version
	Apple	iOS and iPadOS	Affected: 0 , < 26.3 (custom)

FKIE_CVE-2026-20686

Vulnerability from fkie_nvd - Published: 2026-03-25 01:17 - Updated: 2026-03-25 01:17

Severity ?

Summary

This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

References

	URL	Tags
	product-security@apple.com	https://support.apple.com/en-us/126346

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data."
    }
  ],
  "id": "CVE-2026-20686",
  "lastModified": "2026-03-25T01:17:05.487",
  "metrics": {},
  "published": "2026-03-25T01:17:05.487",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/126346"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Received"
}

WID-SEC-W-2026-0402

Vulnerability from csaf_certbund - Published: 2026-02-11 23:00 - Updated: 2026-03-24 23:00

Summary

Apple iOS und iPadOS: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch. Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht näher spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - MacOS X - Sonstiges

CVE-2025-14174

CVE-2025-43529

CVE-2025-43533

CVE-2025-43537

CVE-2025-46300

CVE-2025-46301

CVE-2025-46302

CVE-2025-46303

CVE-2025-46304

CVE-2025-46305

CVE-2025-59375

CVE-2026-20605

CVE-2026-20606

CVE-2026-20608

CVE-2026-20609

CVE-2026-20611

CVE-2026-20615

CVE-2026-20616

CVE-2026-20617

CVE-2026-20621

CVE-2026-20626

CVE-2026-20627

CVE-2026-20628

CVE-2026-20634

CVE-2026-20635

CVE-2026-20636

CVE-2026-20637

CVE-2026-20638

CVE-2026-20640

CVE-2026-20641

CVE-2026-20642

CVE-2026-20644

CVE-2026-20645

CVE-2026-20649

CVE-2026-20650

CVE-2026-20652

CVE-2026-20653

CVE-2026-20654

CVE-2026-20655

CVE-2026-20656

CVE-2026-20660

CVE-2026-20661

CVE-2026-20663

CVE-2026-20667

CVE-2026-20668

CVE-2026-20671

CVE-2026-20673

CVE-2026-20674

CVE-2026-20675

CVE-2026-20676

CVE-2026-20677

CVE-2026-20678

CVE-2026-20680

CVE-2026-20682

CVE-2026-20686

CVE-2026-20694

CVE-2026-20700

CVE-2026-28855

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://support.apple.com/en-us/126346	external
	https://support.apple.com/en-us/126347	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0402 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0402.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0402 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0402"
      },
      {
        "category": "external",
        "summary": "Apple security updates vom 2026-02-11",
        "url": "https://support.apple.com/en-us/126346"
      },
      {
        "category": "external",
        "summary": "Apple security updates vom 2026-02-11",
        "url": "https://support.apple.com/en-us/126347"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple iOS und iPadOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-24T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-25T06:11:04.490+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0402",
      "initial_release_date": "2026-02-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-24T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE-Nummern erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c26.3",
                "product": {
                  "name": "Apple iOS \u003c26.3",
                  "product_id": "T050863"
                }
              },
              {
                "category": "product_version",
                "name": "26.3",
                "product": {
                  "name": "Apple iOS 26.3",
                  "product_id": "T050863-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:26.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c18.7.5",
                "product": {
                  "name": "Apple iOS \u003c18.7.5",
                  "product_id": "T050865"
                }
              },
              {
                "category": "product_version",
                "name": "18.7.5",
                "product": {
                  "name": "Apple iOS 18.7.5",
                  "product_id": "T050865-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:18.7.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c26.3",
                "product": {
                  "name": "Apple iPadOS \u003c26.3",
                  "product_id": "T050864"
                }
              },
              {
                "category": "product_version",
                "name": "26.3",
                "product": {
                  "name": "Apple iPadOS 26.3",
                  "product_id": "T050864-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:ipados:26.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c18.7.5",
                "product": {
                  "name": "Apple iPadOS \u003c18.7.5",
                  "product_id": "T050866"
                }
              },
              {
                "category": "product_version",
                "name": "18.7.5",
                "product": {
                  "name": "Apple iPadOS 18.7.5",
                  "product_id": "T050866-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:ipados:18.7.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iPadOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14174",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-43529",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43529"
    },
    {
      "cve": "CVE-2025-43533",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43533"
    },
    {
      "cve": "CVE-2025-43537",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43537"
    },
    {
      "cve": "CVE-2025-46300",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46300"
    },
    {
      "cve": "CVE-2025-46301",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46301"
    },
    {
      "cve": "CVE-2025-46302",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46302"
    },
    {
      "cve": "CVE-2025-46303",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46303"
    },
    {
      "cve": "CVE-2025-46304",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46304"
    },
    {
      "cve": "CVE-2025-46305",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46305"
    },
    {
      "cve": "CVE-2025-59375",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2026-20605",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20605"
    },
    {
      "cve": "CVE-2026-20606",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20606"
    },
    {
      "cve": "CVE-2026-20608",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20608"
    },
    {
      "cve": "CVE-2026-20609",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20609"
    },
    {
      "cve": "CVE-2026-20611",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20611"
    },
    {
      "cve": "CVE-2026-20615",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20615"
    },
    {
      "cve": "CVE-2026-20616",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20616"
    },
    {
      "cve": "CVE-2026-20617",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20617"
    },
    {
      "cve": "CVE-2026-20621",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20621"
    },
    {
      "cve": "CVE-2026-20626",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20626"
    },
    {
      "cve": "CVE-2026-20627",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20627"
    },
    {
      "cve": "CVE-2026-20628",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20628"
    },
    {
      "cve": "CVE-2026-20634",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20634"
    },
    {
      "cve": "CVE-2026-20635",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20635"
    },
    {
      "cve": "CVE-2026-20636",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20636"
    },
    {
      "cve": "CVE-2026-20637",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20637"
    },
    {
      "cve": "CVE-2026-20638",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20638"
    },
    {
      "cve": "CVE-2026-20640",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20640"
    },
    {
      "cve": "CVE-2026-20641",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20641"
    },
    {
      "cve": "CVE-2026-20642",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20642"
    },
    {
      "cve": "CVE-2026-20644",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20644"
    },
    {
      "cve": "CVE-2026-20645",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20645"
    },
    {
      "cve": "CVE-2026-20649",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20649"
    },
    {
      "cve": "CVE-2026-20650",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20650"
    },
    {
      "cve": "CVE-2026-20652",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20652"
    },
    {
      "cve": "CVE-2026-20653",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20653"
    },
    {
      "cve": "CVE-2026-20654",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20654"
    },
    {
      "cve": "CVE-2026-20655",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20655"
    },
    {
      "cve": "CVE-2026-20656",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20656"
    },
    {
      "cve": "CVE-2026-20660",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20660"
    },
    {
      "cve": "CVE-2026-20661",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20661"
    },
    {
      "cve": "CVE-2026-20663",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20663"
    },
    {
      "cve": "CVE-2026-20667",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20667"
    },
    {
      "cve": "CVE-2026-20668",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20668"
    },
    {
      "cve": "CVE-2026-20671",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20671"
    },
    {
      "cve": "CVE-2026-20673",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20673"
    },
    {
      "cve": "CVE-2026-20674",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20674"
    },
    {
      "cve": "CVE-2026-20675",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20675"
    },
    {
      "cve": "CVE-2026-20676",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20676"
    },
    {
      "cve": "CVE-2026-20677",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20677"
    },
    {
      "cve": "CVE-2026-20678",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20678"
    },
    {
      "cve": "CVE-2026-20680",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20680"
    },
    {
      "cve": "CVE-2026-20682",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20682"
    },
    {
      "cve": "CVE-2026-20686",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20686"
    },
    {
      "cve": "CVE-2026-20694",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20694"
    },
    {
      "cve": "CVE-2026-20700",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20700"
    },
    {
      "cve": "CVE-2026-28855",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-28855"
    }
  ]
}

GHSA-QQH3-3Q88-F879

Vulnerability from github – Published: 2026-03-25 03:31 – Updated: 2026-03-25 03:31

Details

This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-20686"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T01:17:05Z",
    "severity": null
  },
  "details": "This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.",
  "id": "GHSA-qqh3-3q88-f879",
  "modified": "2026-03-25T03:31:30Z",
  "published": "2026-03-25T03:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20686"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126346"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-20686 (GCVE-0-2026-20686)

FKIE_CVE-2026-20686

WID-SEC-W-2026-0402

GHSA-QQH3-3Q88-F879

Tags

Sightings

Nomenclature