{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20648", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-11-11T14:43:07.863Z", "datePublished": "2026-02-11T22:59:01.808Z", "dateUpdated": "2026-04-02T18:25:28.055Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A malicious app may be able to access notifications from other iCloud devices"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26.3", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices."}], "references": [{"url": "https://support.apple.com/en-us/126348"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:25:28.055Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-12T19:01:18.950980Z", "id": "CVE-2026-20648", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T19:02:26.865Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20648", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-12T19:01:18.950980Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T19:01:49.041Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26.3", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/126348"}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A malicious app may be able to access notifications from other iCloud devices"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-02-11T22:59:01.808Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20648", "state": "PUBLISHED", "dateUpdated": "2026-02-12T19:02:26.865Z", "dateReserved": "2025-11-11T14:43:07.863Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2026-02-11T22:59:01.808Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EEEE88-5ADA-4C55-9C7C-397E904408DD", "versionEndExcluding": "26.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices."}], "id": "CVE-2026-20648", "lastModified": "2026-02-13T14:47:19.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-11T23:16:07.730", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/126348"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.3)"}}], "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-04-15T20:47:44.022303+00:00", "value": {"mitigation_remediation": ["Update macOS to version 26.3 or later to apply the vendor patch", "Restrict installation to trusted applications by disabling or monitoring app sources", "Grant iCloud notification access only to authorized applications and revoke permissions for unverified apps"], "summary": {"action": "Immediate Patch", "impact": "Privacy Breach"}, "threat_synthesis": {"affected_systems": "Apple's macOS operating system is affected, particularly versions earlier than macOS Tahoe\u00a026.3, which contains the fix for this issue.", "description_and_impact": "A vulnerability in macOS could allow a malicious application to read notifications from other iCloud devices, exposing sensitive personal information. The flaw originates from an improper handling of protected data, leading to unauthorized disclosure of private notification content, which is identified as a privacy violation (CWE\u2011200).", "risk_and_exploitability": "The CVSS score of 5.5 indicates a medium severity of the vulnerability, while an EPSS score of less than 1% implies a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a local installation of a malicious application that can access iCloud notification data. No remote exploitation is mentioned, so the threat requires the attacker to have physical or remote access to install the malicious app."}}}}, "created": "2026-02-12T09:02:13.035798+00:00", "title": "Malicious Application Can Read iCloud Device Notifications via Sensitive Data Exposure", "updated": "2026-04-15T21:00:09.939426+00:00", "vendors": ["apple", "apple$PRODUCT$macos"]}