CVE-2026-20616

State: PUBLISHED · Published: 2026-02-11 · Updated: 2026-04-02 · Assigner: apple

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.

CWE

CWE-787 — CWE-787 Out-of-bounds Write

Affected

Apple / iOS and iPadOS — v=0 <18.7.5 [affected]
Apple / macOS — v=0 <14.8.4 [affected]; v=0 <26.3 [affected]
Apple / visionOS — v=0 <26.3 [affected]

CVSS

(none)

References

https://support.apple.com/en-us/126347
https://support.apple.com/en-us/126348
https://support.apple.com/en-us/126350
https://support.apple.com/en-us/126353

Source

cvelistV5-main/cves/2026/20xxx/CVE-2026-20616.json