VYPR
Medium severity (5.5) · NVD Advisory · Published Feb 11, 2026 · Updated Apr 2, 2026

CVE-2026-20678

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authorization issue in iOS/iPadOS allows an app to access sensitive user data, patched in iOS 26.3 and iOS 18.7.5.

CVE-2026-20678 is an authorization vulnerability in iOS and iPadOS that stems from improper state management. The issue allows an app to bypass authorization checks and access sensitive user data.

The vulnerability can be exploited by an app running on the device without requiring physical access or additional privileges. The app may access data that should be protected, such as personal information or system resources.

Successful exploitation could lead to unauthorized disclosure of sensitive user data, compromising user privacy.

Apple has addressed this issue in iOS 26.3 and iPadOS 26.3 for devices with iPhone 11 and later, and in iOS 18.7.5 and iPadOS 18.7.5 for older models [1][2]. Users are advised to update to the latest operating system versions.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

2
