CVE-2026-20634 | Vulnerability Database | Aqua Security

The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	18.7.5 (excluding)
Ipados	Apple	26.0 (including)	26.3 (excluding)
Iphone_os	Apple	*	18.7.5 (excluding)
Iphone_os	Apple	26.0 (including)	26.3 (excluding)
Macos	Apple	14.0 (including)	14.8.4 (excluding)
Macos	Apple	15.0 (including)	15.7.4 (excluding)
Macos	Apple	26.0 (including)	26.3 (excluding)
Tvos	Apple	*	26.3 (excluding)
Visionos	Apple	*	26.3 (excluding)
Watchos	Apple	*	26.3 (excluding)

References

https://support.apple.com/en-us/126346
https://support.apple.com/en-us/126347
https://support.apple.com/en-us/126348
https://support.apple.com/en-us/126349
https://support.apple.com/en-us/126350
https://support.apple.com/en-us/126351
https://support.apple.com/en-us/126352
https://support.apple.com/en-us/126353

NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-20634
CWE	https://cwe.mitre.org/data/definitions/.html