Skip to content
operating-system

CVE-2026-20622

Description

CVE-2026-20622 is a privacy issue in the Shortcuts app on macOS related to improper handling of temporary files. According to Apple's advisory, the flaw could allow an app to capture a user's screen. It was reported by Csaba Fitzl (@theevilbit) of Iru.

Impact 

Exploitation of this vulnerability could allow a malicious app to capture screen contents without the user's knowledge via a Shortcuts automation. Apple addressed the issue with improved handling of temporary files in macOS Tahoe 26.3.

Stay up to date

Iru's bi-weekly collection of articles, videos, and research to keep IT & Security teams ahead of the curve.