Description
CVE-2026-20615 is a path handling issue within the CoreServices component of macOS. According to Apple's advisory, the flaw could allow an app to gain root privileges. It was reported by Csaba Fitzl (@theevilbit) of Iru and Gergely Kalman (@gergely_kalman).
Impact
Exploitation of this vulnerability could allow a local app to escalate to root privileges on an affected Mac. Apple addressed the issue with improved path validation in macOS Tahoe 26.3.
CVE-2026-28951
Learn about CVE-2026-28951, a critical macOS vulnerability allowing root privilege escalation, and discover other recent security issues affecting Apple devices.
Learn MoreCVE-2025-30427
CVE-2025-30427 is a use-after-free vulnerability in WebKit, Apple's browser engine. Processing maliciously crafted web content may lead to an unexpected Safari crash. Apple addressed this vulnerability by implementing improved memory management in Safari 18.4, macOS Sequoia 15.4, iOS 18.4, iPadOS 18
Learn MoreCVE-2023-23533
CVE-2023-23533 is a logic issue within macOS that could allow an application to modify protected parts of the file system. According to Kandji's analysis, this vulnerability allowed an attacker to swap the installer package after the system verified its code signature. The system would then install
Learn More