CVE-2026-20676

MEDIUM

iOS <26.3 - Info Disclosure

Title source: llm

Description

This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.

References (4)

Scores

CVSS v3 5.3
EPSS 0.0003
EPSS Percentile 9.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE
CWE-400
Status published

Affected Products (5)

apple/safari < 26.3
apple/ipados < 26.3
apple/iphone_os < 26.3
apple/macos < 26.3
apple/visionos < 26.3

Timeline

Published Feb 11, 2026
Tracked Since Feb 18, 2026