CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Mar 5, 2026

CVE-2026-20700

High

EPSS 0.4%CISA KEV

Apple/Multiple Products

Description

Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.

EPSS — Exploit Probability

0.4%

Higher than 63.0% of all CVEs

Required Action

https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700

CVE-2026-20700

Description

EPSS — Exploit Probability

Required Action

Related Articles (6)

Apple patches older iPhones and iPads against Coruna exploits

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

New “Darksword” iOS exploit used in infostealer attack on iPhones

‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

CISA orders feds to patch DarkSword iOS flaws exploited attacks

Risk Assessment

Details

Timeline

Affected Product

External Links