Skip to content
operating-system

CVE-2026-20615

Description

CVE-2026-20615 is a path handling issue within the CoreServices component of macOS. According to Apple's advisory, the flaw could allow an app to gain root privileges. It was reported by Csaba Fitzl (@theevilbit) of Iru and Gergely Kalman (@gergely_kalman).

 

Impact

Exploitation of this vulnerability could allow a local app to escalate to root privileges on an affected Mac. Apple addressed the issue with improved path validation in macOS Tahoe 26.3.

Stay up to date

Iru's bi-weekly collection of articles, videos, and research to keep IT & Security teams ahead of the curve.