CVE-2026-20645

MEDIUM

iOS <26.3 & iPadOS <26.3 - Info Disclosure

Title source: llm

Description

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.

References (2)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/126346

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/126347

Scores

CVSS v3 4.6

EPSS 0.0002

EPSS Percentile 4.4%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-1021

Status published

Affected Products (2)

apple/ipados < 18.7.5

apple/iphone_os < 18.7.5

Timeline

Published Feb 11, 2026

Tracked Since Feb 18, 2026