Cyber Resilience

CVE-2026-20631

High

Published: 25 March 2026

Modified: 26 March 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0030 (21.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-20631 is a high-severity vulnerability of unspecified weakness type in Apple macOS. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 21.2th percentile by exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-20631 is a logic issue addressed with improved checks in macOS. The vulnerability affects macOS versions prior to Tahoe 26.4 and enables a user to elevate privileges. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE category NVD-CWE-noinfo.

An attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low attack complexity and no user interaction required. Successful exploitation results in high impacts to confidentiality, integrity, and availability, allowing the attacker to elevate privileges.

Apple's security advisory confirms the issue is fixed in macOS Tahoe 26.4. Security practitioners should apply this update to mitigate the vulnerability. Additional details are available at https://support.apple.com/en-us/126794.

Vulnerability details

A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a logic flaw enabling local privilege escalation from a low-privileged user context, directly matching T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24195 (Same product: Apple macOS)
CVE-2026-28925 (Same product: Apple macOS)
CVE-2025-43257 (Same product: Apple macOS)
CVE-2025-24228 (Same product: Apple macOS)
CVE-2025-30464 (Same product: Apple macOS)
CVE-2026-28891 (Same product: Apple macOS)
CVE-2026-28817 (Same product: Apple macOS)
CVE-2025-30449 (Same product: Apple macOS)
CVE-2026-28919 (Same product: Apple macOS)
CVE-2024-54509 (Same product: Apple macOS)

Affected Assets

Vendor: apple
Product: macos
Versions: 26.0 — 26.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Requires timely remediation of software flaws, directly mitigating this logic issue by applying the macOS Tahoe 26.4 patch.

Prevent: Enforces logical access authorizations with improved checks to prevent unauthorized privilege elevation exploited by this logic flaw.

Prevent: Implements least privilege to restrict low-privilege users from gaining elevated access, limiting the scope of exploitation.
