CVE-2026-20677 – Apple macOS and iOS Symbolic Link Sandbox Bypass Vulnerability

CVE ID : CVE-2026-20677

Published : Feb. 11, 2026, 11:16 p.m. | 1 hour, 9 minutes ago

Description : A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…