CVE Catalog
CVE-2026-43735
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk0.16%
6th percentile — higher than 6% of all known CVEs
Summary
A vulnerability in Safari allows a malicious website to exfiltrate data cross-origin. The issue was fixed with improved checks in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.
Risk Assessment
An attacker can steal sensitive user data (e.g., cookies, tokens) from other domains, leading to privacy breaches and potential account takeover.
Recommendation
Immediately update Safari, iOS, iPadOS, and macOS Tahoe to version 26.5.2 or later.
Original NVD description (English source)
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.

