Main Vulnerability Database Vulnerabilities #VU122732

State issues in Apple iOS and iPadOS - CVE-2026-20640

Published: February 11, 2026

Vulnerability identifier: #VU122732

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-20640

CWE-ID: CWE-371

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
Apple iOS
iPadOS

Detailed vulnerability description

The vulnerability allows an attacker with physical access to the system to gain access to sensitive information.

The vulnerability exists due to a state management issue in UIKit. An attacker with physical access to the system can take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac.

How to mitigate CVE-2026-20640

Install update from vendor's website.

Sources

https://support.apple.com/en-us/126346

State issues in Apple iOS and iPadOS - CVE-2026-20640

Detailed vulnerability description

How to mitigate CVE-2026-20640

Sources

Please verify you're human