CVE Catalog

CVE-2026-43706

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

A double free vulnerability in WebKit may cause an unexpected process crash when processing maliciously crafted web content. The issue is fixed in iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

Risk Assessment

An attacker could trigger a crash in the browser or any WebKit-based application, potentially disrupting services and enabling further exploitation.

Recommendation

Immediately update all Apple devices to the latest versions: iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

Original NVD description (English source)

A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS