Main Vulnerability Database Vulnerabilities #VU122732

#VU122732 State issues in Apple iOS and iPadOS - CVE-2026-20640

Published: February 11, 2026

Vulnerability identifier: #VU122732

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-20640

CWE-ID: CWE-371

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Apple iOS
iPadOS

Software vendor:
Apple Inc.

Description

The vulnerability allows an attacker with physical access to the system to gain access to sensitive information.

The vulnerability exists due to a state management issue in UIKit. An attacker with physical access to the system can take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac.

Remediation

Install update from vendor's website.

External links

https://support.apple.com/en-us/126346

#VU122732 State issues in Apple iOS and iPadOS - CVE-2026-20640

Description

Remediation

External links

Please verify you're human