{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20607", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-11-11T14:43:07.857Z", "datePublished": "2026-03-25T00:31:50.881Z", "dateUpdated": "2026-03-25T00:31:50.881Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access protected user data"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.8.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.7.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data."}], "references": [{"url": "https://support.apple.com/en-us/126794"}, {"url": "https://support.apple.com/en-us/126795"}, {"url": "https://support.apple.com/en-us/126796"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:31:50.881Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data."}], "id": "CVE-2026-20607", "lastModified": "2026-03-25T15:41:58.280", "metrics": {}, "published": "2026-03-25T01:17:03.763", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126794"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126795"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126796"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,14.8.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,15.7.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "macOS", "source": "cna", "vendor": "Apple"}, "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-25T03:00:02.862733+00:00", "value": {"mitigation_remediation": ["Update macOS to the latest release that includes the fix\u2014macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, or macOS Tahoe 26.4"], "summary": {"action": "Apply Patch", "impact": "Access to Protected User Data"}, "threat_synthesis": {"affected_systems": "Apple macOS systems running versions earlier than macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, or macOS Tahoe 26.4 are affected. The patch is included in these updates and newer releases.", "description_and_impact": "A permissions issue within macOS allows certain applications to bypass the system\u2019s additional restrictions and read protected user data. The flaw represents an improper access control weakness that can expose sensitive information that should remain confined to the user. This can result in privacy violations for individuals who rely on the confidentiality of personal data.", "risk_and_exploitability": "No CVSS score or EPSS data are provided, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the ability for an app to read protected data raises a moderate to high confidentiality risk. The likely attack vector is local, requiring the app to be installed or executed on the user\u2019s machine; no remote exploitation paths are documented. Due to the sensitive nature of the data that could be accessed, the vulnerability warrants timely remediation."}}}}, "created": "2026-03-25T11:36:53.443687+00:00", "title": "macOS Permissions Flaw Allows Applications to Access Protected User Data", "updated": "2026-03-25T20:56:37.356424+00:00", "vendors": ["apple", "apple$PRODUCT$macos"], "weaknesses": ["CWE-284"]}