CVE-2026-20640
Undergoing Analysis Undergoing Analysis - In Progress
Screenshot Exposure via UI State Management Flaw in iOS Mirroring

Publication date: 2026-02-11

Last updated on: 2026-02-17

Assigner: Apple Inc.

Description
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-17
Generated
2026-06-16
AI Q&A
2026-02-12
EPSS Evaluated
2026-06-14
NVD
CVE-2026-20640
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
apple ipados to 26.3 (exc)
apple iphone_os to 26.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-703 The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an inconsistent user interface issue related to state management in iOS and iPadOS. It allows an attacker with physical access to an iPhone to take and view screenshots of sensitive data during the iPhone Mirroring process with a Mac.

Impact Analysis

If exploited, this vulnerability could allow someone with physical access to your iPhone to capture screenshots of sensitive information without your consent while your device is mirrored to a Mac. This could lead to unauthorized disclosure of private data.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, update your iPhone or iPad to iOS 26.3 or iPadOS 26.3, where the issue has been fixed.

Additionally, avoid allowing physical access to your device by untrusted individuals, especially during iPhone Mirroring with a Mac, to prevent unauthorized screenshot capture of sensitive data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20640. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart