Cyber Posture

CVE-2026-20700

High · CISA KEV · Active Exploitation

Published: 11 February 2026

Modified: 25 March 2026
KEV Added: 12 February 2026
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0032 (55.1th percentile)
Risk Priority: 36 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-20700 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Apple iPadOS. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 44.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Requires timely identification, reporting, and correction of flaws like this memory corruption vulnerability through patching to version 26.3.

prevent

Implements memory protections such as non-executable memory, ASLR, and isolation to directly mitigate memory corruption exploits enabling arbitrary code execution.

prevent · detect

Verifies software and firmware integrity to detect or prevent unauthorized modifications resulting from the improper state management flaw.

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The memory corruption vulnerability (CWE-119) allows a local low-privilege attacker to achieve arbitrary code execution, directly enabling exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.

Deeper analysis (AI)

CVE-2026-20700 is a memory corruption vulnerability stemming from improper state management, classified under CWE-119. It affects multiple Apple operating systems, including iOS and iPadOS prior to version 26.3, macOS Tahoe prior to 26.3, tvOS prior to 26.3, visionOS prior to 26.3, and watchOS prior to 26.3. The issue enables an attacker with memory write capability to execute arbitrary code.

Exploitation requires local access (AV:L) with low privileges (PR:L) and low complexity (AC:L), with no user interaction needed (UI:N) and unchanged scope (S:U). Successful exploitation has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 7.8.

Apple security advisories detail the patch deployment in the listed 26.3 updates across affected platforms. Mitigation involves immediate application of these updates, with further guidance available at https://support.apple.com/en-us/126346, https://support.apple.com/en-us/126348, https://support.apple.com/en-us/126351, https://support.apple.com/en-us/126352, and https://support.apple.com/en-us/126353.

Apple has acknowledged a report of potential exploitation in an extremely sophisticated attack targeting specific individuals on iOS versions prior to 26. This CVE is one of a cluster of three issued in response to the report, alongside CVE-2025-14174 and CVE-2025-43529.

Details

CWE(s): CWE-119
KEV Date Added: 12 February 2026

Affected Products

Vendor · Product · Version
apple · ipados · ≤ 26.3
apple · iphone os · ≤ 26.3
apple · macos · ≤ 26.3
apple · tvos · ≤ 26.3
apple · visionos · ≤ 26.3
apple · watchos · ≤ 26.3

CVEs Like This One

CVE-2025-24085 · Same product: Apple iPadOS · both on KEV
CVE-2025-43510 · Same product: Apple iPadOS · both on KEV
CVE-2025-43520 · Same product: Apple iPadOS · both on KEV
CVE-2025-31277 · Same product: Apple iPadOS · both on KEV
CVE-2026-20698 · Same product: Apple iPadOS
CVE-2026-43658 · Same product: Apple iPadOS
CVE-2025-43186 · Same product: Apple iPadOS
CVE-2026-20628 · Same product: Apple iPadOS
CVE-2026-43668 · Same product: Apple iPadOS
CVE-2026-28953 · Same product: Apple iPadOS
