CVE-2026-20698

HIGH

Apple Ios And Ipados < 26.4 - Denial of Service

Title source: rule

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory.

Exploits (1)

nomisec WORKING POC

by Somisomair · poc

https://github.com/Somisomair/CVE-2026-20698-PF_ROUTE-Heap-Overflow

View Code ZIP pw:eip

References (5)

https://support.apple.com/en-us/126792

https://support.apple.com/en-us/126794

https://support.apple.com/en-us/126797

https://support.apple.com/en-us/126798

https://support.apple.com/en-us/126799

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 1.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119 CWE-787

Status published

Products (11)

Apple/iOS and iPadOS < 26.4

apple/ipados < 26.4

apple/iphone_os < 26.4

Apple/macOS < 26.4

apple/macos 26.0 - 26.4

Apple/tvOS < 26.4

apple/tvos < 26.4

Apple/visionOS < 26.4

apple/visionos < 26.4

Apple/watchOS < 26.4

... and 1 more

Published Mar 25, 2026

Tracked Since Mar 25, 2026