CVE-2026-20638
published 2026-02-11CVE-2026-20638: A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCHINAN
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_26.3_and_ipados | — | — |
| apple | ios_and_ipados | < 26.3 | 26.3 |
| apple | ipados | < 26.3 | 26.3 |
| apple | iphone_os | < 26.3 | 26.3 |