{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20622", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-11-11T14:43:07.859Z", "datePublished": "2026-03-25T00:32:15.307Z", "dateUpdated": "2026-04-02T18:17:44.860Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to capture a user's screen"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.7.4", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26.3", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to capture a user's screen."}], "references": [{"url": "https://support.apple.com/en-us/126348"}, {"url": "https://support.apple.com/en-us/126349"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:17:44.860Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T20:19:37.077071Z", "id": "CVE-2026-20622", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:19:59.445Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20622", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T20:19:37.077071Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:19:54.925Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "15.7.4", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "26.3", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/126348"}, {"url": "https://support.apple.com/en-us/126349"}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to capture a user's screen."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to capture a user's screen"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:32:15.307Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20622", "state": "PUBLISHED", "dateUpdated": "2026-03-25T20:19:59.445Z", "dateReserved": "2025-11-11T14:43:07.859Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2026-03-25T00:32:15.307Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5F7A1AF-3DD7-4FA1-BF78-4855F83BB463", "versionEndExcluding": "15.7.4", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0488A377-7971-4703-8823-05BF1E23CF48", "versionEndExcluding": "26.3", "versionStartIncluding": "26.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to capture a user's screen."}], "id": "CVE-2026-20622", "lastModified": "2026-03-25T21:53:53.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T01:17:03.873", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/126348"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/126349"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,15.7.4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "macOS", "source": "cna", "vendor": "Apple"}, "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-26T13:39:56.270949+00:00", "value": {"mitigation_remediation": ["Install macOS Sequoia 15.7.4 or macOS Tahoe 26.3 to remove the vulnerability."], "summary": {"action": "Immediate Patch", "impact": "Screen Capture"}, "threat_synthesis": {"affected_systems": "Apple macOS is affected. The issue is fixed in macOS Sequoia 15.7.4 and macOS Tahoe 26.3, so earlier releases of these major versions are at risk. No other vendors or products are listed.", "description_and_impact": "A privacy flaw involving inadequate handling of temporary files may allow an application to capture the user\u2019s screen. The weakness is classified as an access control problem, meaning an application can obtain data it should not normally be able to see. The consequences include disclosure of sensitive visual information displayed on the screen and potential compromise of user privacy.", "risk_and_exploitability": "The vulnerability has a CVSS score of 7.5, indicating high severity, and an EPSS score of less than 1%, suggesting a low likelihood of active exploitation at present. It does not appear in the CISA KEV catalog. Because control over temporary files typically requires local access, the likely attack vector is a local attacker who can run or manipulate applications on the compromised machine. No additional exploit conditions are described in the available data."}}}}, "created": "2026-03-25T11:36:32.649389+00:00", "title": "Inadequate Temporary File Handling May Allow Screen Capture on macOS", "updated": "2026-03-26T13:55:05.691753+00:00", "vendors": ["apple", "apple$PRODUCT$macos"]}