CVE-2026-43700
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
A cross-origin issue was addressed with improved tracking of security origins in Safari, iOS, iPadOS, and macOS Tahoe. Processing maliciously crafted web content may disclose sensitive user information. The fix is included in versions 26.5.2.
Risk Assessment
The organization risks exposure of sensitive user data, such as credentials or session information, through cross-origin attacks. This could lead to privacy breaches and data security incidents.
Recommendation
Immediately update Safari to version 26.5.2 and iOS, iPadOS, and macOS Tahoe to version 26.5.2. Prioritize devices used for accessing sensitive information.
Original NVD description (English source)
A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information.

