CVE Catalog

CVE-2026-43700

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

A cross-origin issue was addressed with improved tracking of security origins in Safari, iOS, iPadOS, and macOS Tahoe. Processing maliciously crafted web content may disclose sensitive user information. The fix is included in versions 26.5.2.

Risk Assessment

The organization risks exposure of sensitive user data, such as credentials or session information, through cross-origin attacks. This could lead to privacy breaches and data security incidents.

Recommendation

Immediately update Safari to version 26.5.2 and iOS, iPadOS, and macOS Tahoe to version 26.5.2. Prioritize devices used for accessing sensitive information.

Original NVD description (English source)

A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS