Main Vulnerability Database Vulnerabilities #VU122730

Improper input validation in Apple iOS and iPadOS - CVE-2026-20642

Published: February 11, 2026

Vulnerability identifier: #VU122730

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-20642

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
Apple iOS
iPadOS

Detailed vulnerability description

The vulnerability allows an attacker with physical access to the system to gain access to sensitive information.

The vulnerability exists due to insufficient input validation in Photos. An attacker with physical access to the system can access photos from the lock screen.

How to mitigate CVE-2026-20642

Install update from vendor's website.

Sources

https://support.apple.com/en-us/126346

Improper input validation in Apple iOS and iPadOS - CVE-2026-20642

Detailed vulnerability description

How to mitigate CVE-2026-20642

Sources

Please verify you're human