Home / Vulnerability Intelligence / CVE-2026-20667

CVE-2026-20667 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: February 13, 2026

Apple - Sandbox Escape

Published: February 11, 2026Updated: February 13, 2026

Overview

Apple watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3, and iPadOS 26.3 contain a sandbox escape vulnerability caused by a logic issue, letting apps break out of their sandbox, exploit requires app execution.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 1.4%(Probability of exploitation in next 30 days)

Impact

An app can break out of its sandbox, potentially leading to privilege escalation and unauthorized system access.

Mitigation

Update to watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3, and iPadOS 26.3 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 13, 2026

🟠 CVE-2026-20667 - High (8.8) A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20667/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-20667
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: modified
EPSS: 1.4%
Social Posts: 1

CWE

NVD-CWE-noinfo
CWE-693

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

1.4%Probability of exploitation in the next 30 days