CVE-2026-20673

MEDIUM

macOS - Logic Issue

Title source: llm

Description

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. Turning off "Load remote content in messages” may not apply to all mail previews.

References (4)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/126347

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/126348

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/126349

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/126350

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 11.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

Status published

Affected Products (3)

apple/ipados < 18.7.5

apple/iphone_os < 18.7.5

apple/macos < 14.8.4

Timeline

Published Feb 11, 2026

Tracked Since Feb 18, 2026