CVE-2026-20616

HIGH EPSS 41.3%

Published Feb 11, 20264mo ago · Modified Jun 17, 20261w ago

8.8 CVSS 3.1

High

Published Feb 11, 2026 4mo ago

Last Modified Jun 17, 2026 1w ago

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.

CVSS Details

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

41.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 5

Vendor	Product	Version	Range
apple	ipados	*	<18.7.5
apple	iphone_os	*	<18.7.5
apple	macos	*	≥14.0 – <14.8.4
apple	macos	*	≥26.0 – <26.3
apple	visionos	*	<26.3

References 5

support.apple.com https://support.apple.com/en-us/126347

Release NotesVendor Advisory
support.apple.com https://support.apple.com/en-us/126348

Release NotesVendor Advisory
support.apple.com https://support.apple.com/en-us/126350

Release NotesVendor Advisory
support.apple.com https://support.apple.com/en-us/126353

Release NotesVendor Advisory
zerodayinitiative.com https://www.zerodayinitiative.com/advisories/ZDI-26-176/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.