CVE-2022-26773

CVE Database · CVE-2022-26773

CVE-2022-26773

· HIGHModified

CVSS v3.1

7.1

EPSS

0.54%

Published

May 26, 2022

Modified

May 30, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Weaknesses (CWE)

CWE-285

Affected Products (1)

apple · itunes (up to 12.12.4)vulnerable

References (2)

https://support.apple.com/en-us/HT213259

Vendor Advisory

https://support.apple.com/en-us/HT213259

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs