Cyber Posture

CVE-2026-20649

High

Published: 11 February 2026

Published
11 February 2026
Modified
02 April 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0003 9.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-20649 is a high-severity Insecure Temporary File (CWE-377) vulnerability in Apple Ipados. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 9.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 1 other technique.
Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
T1654 Log Enumeration Discovery
Adversaries may enumerate system and service logs to find useful data.
attack.mitre.org →
Why these techniques?

Vulnerability exposes sensitive data via insufficient log redaction (insecure temp files), directly enabling remote collection of local system data and log enumeration without auth.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information.

Deeper analysisAI

CVE-2026-20649 is a logging vulnerability stemming from insufficient data redaction in Apple's operating systems. Affected components include iOS and iPadOS prior to version 26.3, macOS Tahoe prior to 26.3, tvOS prior to 26.3, and watchOS prior to 26.3. The issue allows sensitive user information to be exposed through logs, as indicated by CWE-377 (Insecure Temporary File) and NVD-CWE-noinfo mappings. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact with network accessibility and low attack complexity.

A remote, unauthenticated attacker can exploit this vulnerability over the network without requiring user interaction or privileges. Successful exploitation enables the attacker to access sensitive user information logged without proper redaction, potentially leading to privacy violations such as exposure of personal data.

Apple's security advisories detail the fix as improved data redaction in logging mechanisms, available in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, and watchOS 26.3. Practitioners should prioritize updating affected devices to mitigate exposure of sensitive information in logs. Relevant advisories are published at https://support.apple.com/en-us/126346, https://support.apple.com/en-us/126348, https://support.apple.com/en-us/126351, and https://support.apple.com/en-us/126352.

Details

CWE(s)
NVD-CWE-noinfoCWE-377

Affected Products

apple
ipados
≤ 26.3
apple
iphone os
≤ 26.3
apple
macos
≤ 26.3
apple
tvos
≤ 26.3
apple
watchos
≤ 26.3

CVEs Like This One

CVE-2025-31183Same product: Apple Ipados
CVE-2024-54468Same product: Apple Ipados
CVE-2025-31255Same product: Apple Ipados
CVE-2024-54522Same product: Apple Ipados
CVE-2026-20687Same product: Apple Ipados
CVE-2024-54523Same product: Apple Ipados
CVE-2024-54517Same product: Apple Ipados
CVE-2025-24107Same product: Apple Ipados
CVE-2026-28855Same product: Apple Ipados
CVE-2024-54499Same product: Apple Ipados

References