Apple
CVE-2026-20667
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.
AnalysisAI
Sandbox escape in Apple macOS, iOS, and watchOS allows local authenticated attackers to break out of application sandboxes and gain unauthorized access to system resources and other applications' data. The vulnerability stems from insufficient validation logic in sandbox enforcement mechanisms, enabling privilege escalation with high impact on confidentiality, integrity, and availability across affected devices. No patch is currently available.
Technical ContextAI
Classified as CWE-693 (Protection Mechanism Failure). Affects Ipados. A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today