{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20601", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-11-11T14:43:07.856Z", "datePublished": "2026-02-11T22:58:24.584Z", "dateUpdated": "2026-04-02T18:16:02.641Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to monitor keystrokes without user permission"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26.3", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission."}], "references": [{"url": "https://support.apple.com/en-us/126348"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:16:02.641Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T15:24:16.581107Z", "id": "CVE-2026-20601", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T18:56:49.350Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20601", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-17T15:24:16.581107Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T15:25:49.841Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26.3", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/126348"}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to monitor keystrokes without user permission"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-02-11T22:58:24.584Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20601", "state": "PUBLISHED", "dateUpdated": "2026-03-04T18:56:49.350Z", "dateReserved": "2025-11-11T14:43:07.856Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2026-02-11T22:58:24.584Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EEEE88-5ADA-4C55-9C7C-397E904408DD", "versionEndExcluding": "26.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission."}, {"lang": "es", "value": "Un problema de permisos se abord\u00f3 con restricciones adicionales. Este problema est\u00e1 solucionado en macOS Tahoe 26.3. Una app podr\u00eda monitorear las pulsaciones de teclas sin el permiso del usuario."}], "id": "CVE-2026-20601", "lastModified": "2026-03-04T19:16:18.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-11T23:16:03.907", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/126348"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.3)"}}], "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-04-16T06:54:57.560867+00:00", "value": {"mitigation_remediation": ["Upgrade macOS to version 26.3 or later to apply the official fix for the keystroke monitoring permission issue.", "Review Input Monitoring permissions (System Preferences > Security & Privacy > Privacy > Input Monitoring) and remove any applications that do not require keystroke access.", "Limit software installations to the Mac App Store or trusted developers, and consider disabling or uninstalling any applications that have been granted key\u2011logging rights without explicit user consent."], "summary": {"action": "Update macOS", "impact": "Unauthorized keystroke monitoring"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in macOS Tahoe installations prior to the 26.3 firmware update. Apple has released a patch in macOS Tahoe 26.3 that implements additional restrictions on keystroke monitoring. Users running earlier Tahoe releases, or those that have not applied the latest security update, are susceptible.", "description_and_impact": "A permissions flaw in macOS Tahoe allows applications to capture keystrokes without explicit user approval, effectively enabling keylogging. This flaw affords an attacker the ability to harvest typed data and sensitive credentials, thereby violating user privacy. The underlying weakness is an access control defect, identified as CWE\u2011284, which permits privileged data collection under the guise of legitimate input handling.", "risk_and_exploitability": "The CVSS score of 3.3 classifies the risk as moderate, and the EPSS score of less than 1\u202f% indicates low current exploitation probability. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting no widespread or recent exploitation reports. Based on the description, the likely attack vector is a malicious application that either self\u2011installs or is installed by a user without proper scrutiny, exploiting the permissive monitoring permissions to gather keystrokes unnoticed."}}}}, "created": "2026-02-12T09:02:47.046196+00:00", "title": "macOS Tahoe Keystroke Monitoring Permission Flaw", "updated": "2026-04-16T07:00:10.994145+00:00", "vendors": ["apple", "apple$PRODUCT$macos"]}