CVE-2025-46286

🔶 medium

Summary

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment.

CVSS Score

4.3

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-01-09

First Seen: 2026-01-17

Last Modified 2026-01-14

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE IDs (Weakness Types)

CWE-288

🔗 References 1

https://support.apple.com/en-us/125884

Release Notes Vendor Advisory

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
apple	iphone_os	Affected	< 26.2
apple	ipados	Affected	< 26.2

🔗 Related CVEs 6

CVE ID	Severity	CVSS	Summary	Published
CVE-2025-46306	🔶 medium	5.5	The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPa...	2026-01-28
CVE-2025-46316	🔶 medium	4.3	An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, Pag...	2026-01-28
CVE-2024-44238	⚠️ high	7.8	The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able...	2026-01-16
CVE-2024-54556	ℹ️ low	2.4	This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may ...	2026-01-16
CVE-2025-24089	🔶 medium	5.3	A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app ...	2026-01-16
CVE-2025-24090	ℹ️ low	3.3	A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app ...	2026-01-16

These CVEs affect the same products