Authorization Bypass in macOS Tahoe 26.4 Allows App to Access Sensitive Data: CVE-2026-20696 May 2026

An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.

Vulnerability Analysis

CVE-2026-20696 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2026-20696 has been classified to as an AuthZ vulnerability or weakness.

Products Associated with CVE-2026-20696

Want to know whenever a new CVE is published for Apple macOS? stack.watch will email you.

Authorization Bypass in macOS Tahoe 26.4 Allows App to Access Sensitive Data
CVE-2026-20696 Published on May 11, 2026

Vulnerability Analysis

Weakness Type

What is an AuthZ Vulnerability?

Products Associated with CVE-2026-20696

Affected Versions

Authorization Bypass in macOS Tahoe 26.4 Allows App to Access Sensitive DataCVE-2026-20696 Published on May 11, 2026

Vulnerability Analysis

Weakness Type

What is an AuthZ Vulnerability?

Products Associated with CVE-2026-20696

Affected Versions

Authorization Bypass in macOS Tahoe 26.4 Allows App to Access Sensitive Data
CVE-2026-20696 Published on May 11, 2026