Cyber Resilience

CVE-2026-20658

High

Published: 11 February 2026

Modified: 25 February 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-20658 is a high-severity vulnerability in Apple macOS; its weakness type is unspecified. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 5.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-20658 is a package validation vulnerability affecting macOS Tahoe versions prior to 26.3. The flaw enables an app to bypass validation checks, potentially allowing it to gain root privileges. Apple addressed the issue by blocking the vulnerable package, as detailed in their security advisory.

The vulnerability has a CVSS v3.1 base score of 7.8 (High), with a local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), and no user interaction (UI:N). An attacker with local access and basic user privileges can exploit it to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), effectively escalating privileges to root level within the system.

Apple's advisory at https://support.apple.com/en-us/126348 confirms the fix in macOS Tahoe 26.3, which blocks the vulnerable package, and recommends that users update to this version. No additional workarounds are specified.

Vulnerability details

A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local package validation bypass enabling root privilege escalation matches Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-54509 (Same product: Apple macOS)
CVE-2025-24176 (Same product: Apple macOS)
CVE-2025-24267 (Same product: Apple macOS)
CVE-2025-24170 (Same product: Apple macOS)
CVE-2025-24255 (Same product: Apple macOS)
CVE-2025-30449 (Same product: Apple macOS)
CVE-2026-28923 (Same product: Apple macOS)
CVE-2024-54546 (Same product: Apple macOS)
CVE-2025-43257 (Same product: Apple macOS)
CVE-2026-28840 (Same product: Apple macOS)

Affected Assets

apple
macos
26.0 — 26.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Verifies software integrity using cryptographic mechanisms, directly preventing execution of invalid or tampered packages that enable privilege escalation.

prevent

Requires signed components and signature validation prior to use, comprehensively mitigating package validation bypasses exploited for root privilege gain.

prevent

Mandates timely flaw remediation including vendor patches like macOS Tahoe 26.3, which blocks the vulnerable package to eliminate the privilege escalation risk.