CVE-2026-20610
Symlink Handling Flaw in macOS Tahoe Allows Root Escalation
Publication date: 2026-02-11
Last updated on: 2026-02-13
Assigner: Apple Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | up to 26.3 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in macOS Tahoe 26.3 by improved handling of symlinks. To mitigate this vulnerability, you should update your system to macOS Tahoe 26.3 or later.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an application to escalate its privileges to root level, potentially giving it full control over the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
Can you explain this vulnerability to me?
This vulnerability involves improper handling of symbolic links (symlinks) in macOS Tahoe. Due to this issue, an application may exploit the flaw to gain root privileges on the affected system.