Apple
CVE-2026-20645
MEDIUM
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.
AnalysisAI
Information disclosure on locked iOS and iPadOS devices stems from improper UI state management, allowing an attacker with physical device access to view sensitive user data. The vulnerability affects multiple Apple mobile OS versions and currently lacks a public patch, though fixes are available in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5.
Technical ContextAI
Classified as CWE-1021 (Improper Restriction of Rendered UI Layers or Frames). Affects Ipados. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.
RemediationAI
Monitor vendor advisories for a patch.
Share
External POC / Exploit Code
Leaving vuln.today