CVE Catalog
CVE-2026-43708
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk0.21%
11th percentile — higher than 11% of all known CVEs
Summary
A vulnerability in Safari allows a malicious website to exfiltrate data cross-origin. The issue was addressed by improving input validation.
Risk Assessment
An attacker could exploit this flaw to steal sensitive user data, such as session cookies or authorization tokens, from other origins.
Recommendation
Immediately update Safari to version 26.5.2 and iOS/iPadOS/macOS Tahoe to the specified versions.
Original NVD description (English source)
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.

