Medium severity5.5NVD Advisory· Published Feb 11, 2026· Updated Apr 2, 2026

CVE-2026-20621

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory handling issue in Apple operating systems could allow an app to cause unexpected system termination or corrupt kernel memory.

Vulnerability

Overview

CVE-2026-2026-20621 is a memory handling issue in Apple's memory handling that could allow an app to cause unexpected system termination or corrupt kernel memory. The vulnerability was addressed with improved memory handling in multiple Apple operating systems.

Attack

Vector and Prerequisites

The vulnerability requires an app to be running on the affected device. No additional privileges or user interaction beyond installing the app are mentioned in the description. The attack surface is local, as the app must be executed on the device.

Impact

Successful exploitation could lead to unexpected system termination (denial of service) or corruption of kernel memory, which could potentially leading to arbitrary code execution at the kernel level. The CVSS v3 score of 5.5 (Medium) reflects the need for local access and the potential for high impact on availability and integrity.

Mitigation

Apple has released patches for this issue in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, and visionOS 26.3 [1][2][3][4]. Users should update their devices to the latest available versions.

References

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <26.3
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <26.3
Apple Inc./macOS2 versions
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: <14.8.4
- (no CPE)
Apple Inc./Visionosllm-fuzzy
Cisco Systems, Inc./Cisco iOSllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/126346nvdRelease NotesVendor Advisory
support.apple.com/en-us/126347nvdRelease NotesVendor Advisory
support.apple.com/en-us/126348nvdRelease NotesVendor Advisory
support.apple.com/en-us/126349nvdRelease NotesVendor Advisory
support.apple.com/en-us/126350nvdRelease NotesVendor Advisory
support.apple.com/en-us/126353nvdRelease NotesVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000