CVE-2026-20650
HIGH WAF: Medium
CVSS 7.5
Published: 2026-02-11
CWE-400 CWE-400
A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.
WAF Coverage Analysis
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| apple | ipados | up to 26.3 |
| apple | iphone_os | up to 26.3 |
| apple | macos | up to 26.3 |
| apple | tvos | up to 26.3 |
| apple | visionos | up to 26.3 |
| apple | watchos | up to 26.3 |
References
- support.apple.com (Release Notes, Vendor Advisory)
- support.apple.com (Release Notes, Vendor Advisory)
- support.apple.com (Release Notes, Vendor Advisory)
- support.apple.com (Release Notes, Vendor Advisory)
- support.apple.com (Release Notes, Vendor Advisory)