CVE Catalog

CVE-2026-43704

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

A use-after-free vulnerability was addressed with improved memory management in Safari, iOS, iPadOS, and macOS Tahoe. A malicious web extension may exploit this issue to cause an unexpected process crash.

Risk Assessment

The risk involves a potential Denial of Service (DoS) attack via browser process crash, which can disrupt user operations and potentially enable further attacks.

Recommendation

Immediately update Safari to version 26.5.2 and iOS/iPadOS/macOS Tahoe to version 26.5.2 to remediate the vulnerability.

Original NVD description (English source)

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS