CVE-2026-20676 - Vulnerability Details

This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://support.apple.com/en-us/126346
https://support.apple.com/en-us/126348
https://support.apple.com/en-us/126353
https://support.apple.com/en-us/126354

History

Wed, 11 Feb 2026 23:15:00 +0000

Type	Values Removed	Values Added
Description		This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
References		https://support.apple.com/en-us/126346 https://support.apple.com/en-us/126348 https://support.apple.com/en-us/126353 https://support.apple.com/en-us/126354

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2026-02-11T22:58:25.537Z

Updated: 2026-02-11T22:58:25.537Z

Reserved: 2025-11-11T14:43:07.867Z

Link: CVE-2026-20676

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-02-11T23:16:09.990

Modified: 2026-02-11T23:16:09.990

Link: CVE-2026-20676

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object