CVE-2026-20602 is a vulnerability in Apple macOS that allows a local application to cause a denial-of-service condition by exploiting improper handling of system caches. The vulnerability stems from insufficient controls on resource consumption related to caching mechanisms, which can be manipulated by an app to exhaust system resources, leading to system instability or crashes. This issue affects multiple macOS versions before the patched releases: Sequoia 15.7.4, Sonoma 14.8.4, and Tahoe 26.3. The attack vector requires local access with limited privileges and does not require user interaction or elevated permissions. The vulnerability is classified under CWE-400, indicating uncontrolled resource consumption. Apple resolved the issue by improving cache handling to prevent resource exhaustion. The CVSS v3.1 base score is 5.5 (medium severity), reflecting the local attack vector, low complexity, required privileges, and impact limited to availability. No known exploits have been reported in the wild, but the vulnerability could be leveraged in environments where untrusted or malicious apps run locally, potentially disrupting critical systems or workflows.

The primary impact of CVE-2026-20602 is denial-of-service, which can cause affected macOS systems to become unresponsive or crash, disrupting user productivity and potentially critical operations. Since exploitation requires local access with limited privileges, the threat is more relevant in multi-user environments, enterprise settings, or scenarios where untrusted applications might be executed. The vulnerability does not compromise confidentiality or integrity, but availability impacts could lead to service interruptions, loss of unsaved data, or operational downtime. Organizations relying on macOS for critical infrastructure, development, or workstation environments could face interruptions if exploited. Although no known exploits exist currently, the medium severity rating and ease of triggering resource exhaustion make timely patching important to prevent potential abuse, especially in environments with lax application controls or insider threat risks.

Organizations should promptly apply the security updates provided by Apple in macOS Sequoia 15.7.4, Sonoma 14.8.4, and Tahoe 26.3 to remediate this vulnerability. Beyond patching, implement strict application control policies to limit the execution of untrusted or unnecessary applications, reducing the risk of local exploitation. Employ endpoint protection solutions capable of detecting abnormal resource consumption patterns that may indicate exploitation attempts. Monitor system logs and performance metrics for unusual cache usage or resource exhaustion symptoms. In multi-user environments, enforce least privilege principles and restrict local user permissions to minimize the potential impact of malicious or compromised applications. Regularly review and update security policies to ensure that local access is tightly controlled and that users are educated about the risks of running unverified software. Finally, maintain an incident response plan to quickly address any denial-of-service incidents that may arise.