CVE-2026-28979
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
An out-of-bounds access vulnerability in Safari and Apple systems allows processing maliciously crafted web content to cause an unexpected process crash. The issue is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.
Risk Assessment
The risk involves potential unexpected crashes of the browser or system, which may disrupt user work or lead to loss of unsaved data.
Recommendation
It is recommended to immediately update Safari to version 26.5.2 and iOS, iPadOS, and macOS Tahoe to the corresponding 26.5.2 versions.
Original NVD description (English source)
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

