CVE-2026-20674
Sensitive Data Exposure on Locked iOS/iPadOS Devices
Publication date: 2026-02-11
Last updated on: 2026-02-13
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 26.3 (exc) |
| apple | iphone_os | to 26.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
Can you explain this vulnerability to me?
This vulnerability is a privacy issue in Apple devices running iOS and iPadOS. It was addressed by removing sensitive data from the system. The issue allowed an attacker with physical access to a locked device to potentially view sensitive user information.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow someone with physical access to your locked iOS or iPadOS device to view sensitive user information, potentially compromising your privacy and security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your device to iOS 26.3 or iPadOS 26.3 as this issue is fixed in these versions.
Additionally, ensure that physical access to locked devices is restricted to prevent attackers from viewing sensitive user information.