CVE-2026-43706
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
A double free vulnerability in WebKit may cause an unexpected process crash when processing maliciously crafted web content. The issue is fixed in iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.
Risk Assessment
An attacker could trigger a crash in the browser or any WebKit-based application, potentially disrupting services and enabling further exploitation.
Recommendation
Immediately update all Apple devices to the latest versions: iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.
Original NVD description (English source)
A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

