CVE-2026-43721
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
A vulnerability in Safari allows a malicious website to silently hijack clipboard data. The issue was addressed through improved state management. It is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.
Risk Assessment
The organization is at risk of sensitive clipboard data (e.g., passwords, credit card numbers) being stolen without user consent or awareness.
Recommendation
Immediately update all Apple devices to the latest versions: iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2.
Original NVD description (English source)
This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to silently hijack clipboard data.

