Cyber Posture

CVE-2026-20700

HighCISA KEVActive Exploitation

Published: 11 February 2026

Published
11 February 2026
Modified
25 March 2026
KEV Added
12 February 2026
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0041 61.3th percentile
Risk Priority 36 60% EPSS · 20% KEV · 20% CVSS

Description

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute…

more

arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and correction of flaws like this memory corruption vulnerability through patching to version 26.3.

SI-16 Memory Protection good match
prevent

Implements memory protections such as non-executable memory, ASLR, and isolation to directly mitigate memory corruption exploits enabling arbitrary code execution.

SI-7 Software, Firmware, and Information Integrity partial match
preventdetect

Verifies software and firmware integrity to detect or prevent unauthorized modifications resulting from the improper state management flaw.

Security SummaryAI

CVE-2026-20700 is a memory corruption vulnerability stemming from improper state management, classified under CWE-119. It affects multiple Apple operating systems, including iOS and iPadOS prior to version 26.3, macOS Tahoe prior to 26.3, tvOS prior to 26.3, visionOS prior to 26.3, and watchOS prior to 26.3. The issue enables an attacker with memory write capability to execute arbitrary code.

Exploitation requires local access (AV:L) with low privileges (PR:L) and low complexity (AC:L), with no user interaction needed (UI:N) and unsynchronized scope (S:U). Successful exploitation grants high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 7.8.

Apple security advisories detail the patch deployment in the listed 26.3 updates across affected platforms. Mitigation involves immediate application of these updates, with further guidance available at https://support.apple.com/en-us/126346, https://support.apple.com/en-us/126348, https://support.apple.com/en-us/126351, https://support.apple.com/en-us/126352, and https://support.apple.com/en-us/126353.

Apple has acknowledged a report of potential exploitation in an extremely sophisticated attack targeting specific individuals on iOS versions prior to 26. This CVE forms part of a cluster of three issued in response to the report, including CVE-2025-14174 and CVE-2025-43529.

Details

CWE(s)
CWE-119
KEV Date Added
12 February 2026

Affected Products

apple
ipados
≤ 26.3
apple
iphone os
≤ 26.3
apple
macos
≤ 26.3
apple
tvos
≤ 26.3
apple
visionos
≤ 26.3
apple
watchos
≤ 26.3

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Memory corruption vulnerability (CWE-119) allows local low-privilege attacker to achieve arbitrary code execution, directly enabling exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References