CVE Catalog

CVE-2026-43735

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

A vulnerability in Safari allows a malicious website to exfiltrate data cross-origin. The issue was fixed with improved checks in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.

Risk Assessment

An attacker can steal sensitive user data (e.g., cookies, tokens) from other domains, leading to privacy breaches and potential account takeover.

Recommendation

Immediately update Safari, iOS, iPadOS, and macOS Tahoe to version 26.5.2 or later.

Original NVD description (English source)

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS