CVE Catalog

CVE-2026-43721

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

A vulnerability in Safari allows a malicious website to silently hijack clipboard data. The issue was addressed through improved state management. It is fixed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

Risk Assessment

The organization is at risk of sensitive clipboard data (e.g., passwords, credit card numbers) being stolen without user consent or awareness.

Recommendation

Immediately update all Apple devices to the latest versions: iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2.

Original NVD description (English source)

This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to silently hijack clipboard data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS