Protection Mechanism Failure in macOS - CVE-2026-20673
Published: February 11, 2026
Vulnerability identifier: #VU122711
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-20673
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in Mail. Turning off the "Load remote content in messages" may not apply to all mail previews, leading to information exposure.
How to mitigate CVE-2026-20673
Install updates from vendor's website.