PatchSiren cyber security CVE debrief

CVE-2026-20684 Apple CVE debrief

Apple addressed a permissions issue in macOS Tahoe 26.4 that could allow an app to bypass Gatekeeper checks. The available advisory data points to a low-severity issue with limited integrity impact, but it is still worth prioritizing on systems running macOS Tahoe 26.0 through 26.3 because Gatekeeper is part of the software trust chain.

Vendor: Apple
Product: CVE-2026-20684
CVSS: LOW 3.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-25
Original CVE updated: 2026-05-10
Advisory published: 2026-03-25
Advisory updated: 2026-05-10

Who should care

Administrators and users running macOS Tahoe 26.0 through 26.3, especially environments that rely on Gatekeeper to screen application launches and reduce exposure to untrusted software.

Technical summary

According to NVD’s modified record and the linked Apple advisory, CVE-2026-20684 is a permissions issue in macOS Tahoe that was fixed in macOS Tahoe 26.4. NVD maps the vulnerable range to macOS 26.0 up to, but not including, 26.4 and assigns the CVSS v3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating local access, no privileges required, required user interaction, and limited integrity impact.

Defensive priority

Low overall severity, but moderate priority for hosts on macOS Tahoe 26.0-26.3 because the issue affects a core trust-control path and is fixed in a specific maintenance release.

Recommended defensive actions

  • Update macOS Tahoe systems to 26.4 or later.
  • Prioritize assets still on macOS Tahoe 26.0-26.3 for remediation.
  • Continue standard software trust controls and avoid approving untrusted apps unless necessary.
  • Track Apple’s vendor advisory for any follow-up guidance or release note updates.
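The second action above (finding hosts still on 26.0-26.3) is the part that benefits from a repeatable check. The script below is an added example written for this debrief, not PatchSiren's or Apple's tooling: a hypothetical POSIX sh helper that classifies a macOS product version against the 26.4 fixed release and runs over a constructed inventory. The hostnames and versions in SAMPLE_INVENTORY are made up; on a live Mac the version would come from `sw_vers -productVersion`, and `spctl --status` confirms that Gatekeeper assessments are still enabled.

```shell
#!/bin/sh
# Hypothetical triage helper for CVE-2026-20684 (added example, not vendor tooling).
# Affected range per the NVD record: macOS 26.0 up to, but not including, 26.4.

# Returns 0 (true) when the version is 26.x with x < 4, i.e. inside the affected range.
# Handles "26", "26.3" and "26.3.1" style strings; non-26 majors are out of range.
is_affected_by_cve_2026_20684() {
    ver="$1"
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -d. -f2)
    # A bare "26" has no minor component; treat it as 26.0.
    [ "$minor" = "$ver" ] && minor=0
    minor=${minor:-0}
    [ "$major" -eq 26 ] && [ "$minor" -lt 4 ]
}

# Prints one tab-separated verdict line: host, version, action.
triage_host() {
    host="$1"
    ver="$2"
    if is_affected_by_cve_2026_20684 "$ver"; then
        printf '%s\t%s\tAFFECTED: update to macOS Tahoe 26.4 or later\n' "$host" "$ver"
    else
        printf '%s\t%s\tnot in affected range\n' "$host" "$ver"
    fi
}

# Constructed sample inventory (hostname, product version); these are not real hosts.
SAMPLE_INVENTORY='mac-01 26.0
mac-02 26.3.1
mac-03 26.4
mac-04 15.7'

# Runs triage over every inventory line so the output can be sorted or grepped.
triage_inventory() {
    printf '%s\n' "$SAMPLE_INVENTORY" | while read -r host ver; do
        [ -n "$host" ] && triage_host "$host" "$ver"
    done
}

# On the host itself, the same check would be:
#   triage_host "$(hostname)" "$(sw_vers -productVersion)"
#   spctl --status    # expect "assessments enabled" once the update is confirmed
triage_inventory
```

Feeding the function from an MDM or asset-inventory export instead of the inline sample is the intended use; the version comparison is deliberately strict on the major number so that older, unaffected releases (such as the 15.x line in the sample) are never flagged by accident.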

Evidence notes

The NVD modified record dated 2026-05-10 cites Apple support note 126794 and lists macOS as vulnerable from 26.0 up to, but not including, 26.4. The record includes the CVSS v3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N and does not show a CISA KEV entry in the supplied corpus.

Official resources

Publicly disclosed on 2026-03-25 via the CVE/NVD record and Apple vendor reference; the NVD entry was modified on 2026-05-10.