CVE-2026-20700

ENISA EUVD: EUVD-2026-6189 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: Feb. 18, 2026 9 articles Published: 2026-02-11

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.43%

probability

This CVE has a 0.43% probability of being exploited in the next 30 days.

0% Top 63.1th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.

Affected Products

Apple

iOS and iPadOS

Apple

macOS

Apple

tvOS

Apple

visionOS

Apple

watchOS

apple

ipados

apple

iphone os

apple

macos

apple

tvos

apple

visionos

Apple

iOS and iPadOS

0 <26.3

Apple

macOS

unspecified <26.3

Apple

watchOS

unspecified <26.3

Apple

tvOS

0 <26.3

Apple

iOS and iPadOS

unspecified <26.3

Apple

visionOS

0 <26.3

Apple

visionOS

unspecified <26.3

Apple

tvOS

unspecified <26.3

Apple

watchOS

0 <26.3

Apple

macOS

0 <26.3

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime

Google Project Zero

Patched

Feb. 11, 2026

Reported by

Google Threat Analysis Group

https://support.apple.com/en-us/126346

https://support.apple.com/en-us/126348

https://support.apple.com/en-us/126351

https://support.apple.com/en-us/126352

https://support.apple.com/en-us/126353

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.43%

CVSS v3.1 7.8

Mentions 9

Last Seen Apr 01, 2026

CNA Information

CNA Assigner

apple

Analyst Note

This CVE demonstrates strong confirmation indicators: Apple explicitly acknowledged active exploitation in sophisticated targeted attacks, it appears in Google Project Zero records, and multiple reputable sources (BleepingComputer, TheHackerNews, CyberScoop) independently reported the zero-day with consistent technical details. The HIGH CVSS score (7.8) combined with vendor confirmation of real-world exploitation and the availability of patches across all affected platforms provides high confidence in the CONFIRMED status.

Triage Info

Decided atFeb 18, 2026

Published DateFeb 11, 2026