Unrated severityNVD Advisory· Published Mar 25, 2026· Updated Apr 2, 2026

CVE-2026-20664

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.

Affected products

Apple Inc./Ipadosllm-fuzzy
Range: <26.4
Apple Inc./Visionosllm-fuzzy2 versions
<26.4+ 1 more
- (no CPE)range: <26.4
- (no CPE)range: 0
Apple Inc./Safarillm-fuzzy2 versions
<26.4+ 1 more
- (no CPE)range: <26.4
- (no CPE)range: 0
Cisco Systems, Inc./Cisco iOSllm-fuzzy
Range: <26.4
Apple Inc./macOS Tahoellm-fuzzy
Range: <26.4
Apple Inc./macOSv5
Range: 0
Apple/iOS and iPadOSv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

Apple Patches Everything, (Mon, May 11th)
SANS Internet Storm Center · May 11, 2026
Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin
Wordfence Blog · May 5, 2026
CloudZ RAT potentially steals OTP messages using Pheno plugin
Cisco Talos Intelligence · May 5, 2026
Today's Odd Web Requests, (Wed, Apr 29th)
SANS Internet Storm Center · Apr 29, 2026
HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)
SANS Internet Storm Center · Apr 28, 2026
Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin
Wordfence Blog · Apr 16, 2026
30th March – Threat Intelligence Report
Check Point Research · Mar 30, 2026
Risky Business #830 -- LiteLLM and security scanner supply chains compromised
Risky Business · Mar 25, 2026
Siemens SIMATIC
CISA Alerts

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000