CVE-2026-20699Improper Verification of Cryptographic Signature in Apple Macos

CWE-347Improper Verification of Cryptographic Signature5 documents5 sources
Severity
6.2MEDIUMNVD
EPSS
0.0%
top 99.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Macos
Timeline
PublishedMar 25

Description

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

CVEListV5apple/macos< 14.8.5+3
NVDapple/macos14.014.8.5+2

🔴Vulnerability Details

2
CVEList
CVE-2026-20699: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions2026-03-25
GHSA
GHSA-943h-6fx4-c427: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions2026-03-25

📋Vendor Advisories

1
Apple
CVE-2026-20699: macOS Tahoe 26.32026-02-11

🕵️Threat Intelligence

1
Wiz
CVE-2026-20699 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-20699 — Apple Macos vulnerability | cvebase