macOS Symlink Exploit Lets App Read Sensitive Data: Fixed 15.7.5/14.8.5/26.4
CVE-2026-20633 Published on March 25, 2026

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data.

NVD

Products Associated with CVE-2026-20633

stack.watch emails you whenever new vulnerabilities are published in Apple macOS or Apple Macos Sonoma. Just hit a watch button to start following.

Apple macOS

Apple Macos Sonoma

Affected Versions

Apple macOS:

Before 14.8.5 is affected.
Before 15.7.5 is affected.
Before 26.4 is affected.

macOS Symlink Exploit Lets App Read Sensitive Data: Fixed 15.7.5/14.8.5/26.4CVE-2026-20633 Published on March 25, 2026

Products Associated with CVE-2026-20633

Affected Versions

macOS Symlink Exploit Lets App Read Sensitive Data: Fixed 15.7.5/14.8.5/26.4
CVE-2026-20633 Published on March 25, 2026