CVE Catalog

CVE-2026-28979

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

An out-of-bounds access vulnerability in Safari and Apple systems allows processing maliciously crafted web content to cause an unexpected process crash. The issue is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

Risk Assessment

The risk involves potential unexpected crashes of the browser or system, which may disrupt user work or lead to loss of unsaved data.

Recommendation

It is recommended to immediately update Safari to version 26.5.2 and iOS, iPadOS, and macOS Tahoe to the corresponding 26.5.2 versions.

Original NVD description (English source)

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS