{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20622", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-11-11T14:43:07.859Z", "datePublished": "2026-03-25T00:32:15.307Z", "dateUpdated": "2026-03-25T20:19:59.445Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to capture a user's screen"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.7.4", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26.3", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to capture a user's screen."}], "references": [{"url": "https://support.apple.com/en-us/126348"}, {"url": "https://support.apple.com/en-us/126349"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:32:15.307Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T20:19:37.077071Z", "id": "CVE-2026-20622", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:19:59.445Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20622", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T20:19:37.077071Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:19:54.925Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "15.7.4", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "26.3", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/126348"}, {"url": "https://support.apple.com/en-us/126349"}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to capture a user's screen."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to capture a user's screen"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:32:15.307Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20622", "state": "PUBLISHED", "dateUpdated": "2026-03-25T20:19:59.445Z", "dateReserved": "2025-11-11T14:43:07.859Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2026-03-25T00:32:15.307Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5F7A1AF-3DD7-4FA1-BF78-4855F83BB463", "versionEndExcluding": "15.7.4", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0488A377-7971-4703-8823-05BF1E23CF48", "versionEndExcluding": "26.3", "versionStartIncluding": "26.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to capture a user's screen."}], "id": "CVE-2026-20622", "lastModified": "2026-03-25T21:53:53.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T01:17:03.873", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/126348"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/126349"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,15.7.4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "macOS", "source": "cna", "vendor": "Apple"}, "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-25T02:25:31.982061+00:00", "value": {"mitigation_remediation": ["Apply the latest macOS updates\u2014Sequoia 15.7.4 or Tahoe 26.3\u2014to ensure the temporary file handling issue is patched.", "If an upgrade is not possible, restrict application permissions by reviewing the Screen Recording settings and revoking access for apps that do not require it.", "Monitor system activity for unexpected screen capture behavior and consider using security tools that detect unauthorized screen recording.", "Maintain regular system updates and keep macOS at a supported version to avoid similar privacy vulnerabilities."], "summary": {"action": "Patch Immediately", "impact": "Screen Capture / Privacy Breach"}, "threat_synthesis": {"affected_systems": "Apple macOS is affected. The defect is fixed in macOS Sequoia 15.7.4 and macOS Tahoe 26.3, which implies that versions older than those releases are vulnerable. Users running earlier macOS builds may be exposed to the risk of accidental or malicious screen capture by local applications.", "description_and_impact": "An improper handling of temporary files in macOS allows an application to obtain screen content, resulting in a privacy breach that could expose sensitive user information. The vulnerability is described as a privacy issue that permits an app to capture a user's screen, potentially without the user's knowledge or consent. It involves a weakness in how temporary files are managed, leading to unintentional disclosure of confidential visual data.", "risk_and_exploitability": "The CVSS score is not supplied, but the vulnerability carries a moderate to high impact as it permits confidential information leakage. EPSS data is unavailable, and the flaw is not listed in the CISA KEV catalog, suggesting that exploitation is neither widely documented nor currently in active use. The likely attack vector is local, requiring an application on the target device to exploit the temporary file handling path. An attacker could install or inject malicious code that uses the flaw to capture screen contents, thereby compromising user privacy. No specific prerequisites are detailed, but the presence of a vulnerable application on the system is sufficient for exploitation."}}}}, "created": "2026-03-25T11:36:32.649389+00:00", "title": "Potential Screen Capture via Improper Temporary File Handling", "updated": "2026-03-25T21:16:48.893421+00:00", "vendors": ["apple", "apple$PRODUCT$macos"], "weaknesses": ["CWE-200"]}