CVE-2026-20657

MEDIUM

Apple Ios And Ipados < 18.7.7 - Denial of Service

Title source: rule

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination.

References (3)

https://support.apple.com/en-us/126793

https://support.apple.com/en-us/126795

https://support.apple.com/en-us/126796

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 15.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-119 CWE-125 CWE-787

Status published

Products (6)

Apple/iOS and iPadOS < 18.7.7

apple/ipados < 18.7.7

apple/iphone_os < 18.7.7

Apple/macOS < 14.8.5

Apple/macOS < 15.7.5

apple/macos 14.0 - 14.8.5

Published Mar 25, 2026

Tracked Since Mar 25, 2026