Apple PCC 5E290.3 Path Handling Leak Fixed
CVE-2026-20685 Published on May 18, 2026

An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Types

What is a Directory traversal Vulnerability?

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE-2026-20685 has been classified to as a Directory traversal vulnerability or weakness.

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Versions

Apple Private Cloud Compute Server Software:

Before 5E290.3 is affected.

Apple PCC 5E290.3 Path Handling Leak FixedCVE-2026-20685 Published on May 18, 2026

Vulnerability Analysis

Weakness Types

What is a Directory traversal Vulnerability?

Improper Input Validation

Affected Versions

Apple PCC 5E290.3 Path Handling Leak Fixed
CVE-2026-20685 Published on May 18, 2026