{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20631", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-11-11T14:43:07.860Z", "datePublished": "2026-03-25T00:31:42.395Z", "dateUpdated": "2026-03-25T00:31:42.395Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A user may be able to elevate privileges"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges."}], "references": [{"url": "https://support.apple.com/en-us/126794"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:31:42.395Z"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC92015C-1AE0-4CF3-9127-4CC7B89C0CB1", "versionEndIncluding": "26.4", "versionStartIncluding": "26.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges."}], "id": "CVE-2026-20631", "lastModified": "2026-03-25T22:01:24.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T01:17:04.003", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/126794"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "macOS", "source": "cna", "vendor": "Apple"}, "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-25T02:28:28.330257+00:00", "value": {"mitigation_remediation": ["Apply the macOS 26.4 update or later.", "If an immediate update is not possible, monitor Apple support for additional advisories and restrict user privileges as a temporary countermeasure."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Apple macOS systems before the 26.4 update are affected; the issue was fixed in macOS Tahoe 26.4, so older releases remain vulnerable.", "description_and_impact": "A logic flaw in macOS allows a local user to elevate privileges, potentially gaining administrative rights and compromising system integrity.", "risk_and_exploitability": "The CVSS score is not provided, and no EPSS data is available. The vulnerability is not listed in CISA\u2019s KEV catalog, suggesting it is not actively exploited. Attackers would likely need local user access to exploit the logic flaw, leading to privilege escalation. Given the absence of public exploitation evidence, the risk is moderate; however, the lack of a patch for older versions still presents a potential abuse vector."}}}}, "created": "2026-03-25T11:37:00.627531+00:00", "title": "Privilege Escalation Logic Error in macOS Tahoe 26.4", "updated": "2026-03-25T20:56:45.384150+00:00", "vendors": ["apple", "apple$PRODUCT$macos"], "weaknesses": ["CWE-269"]}