CVE-2026-20691

MEDIUM

Safari < 26.4 - Unauthorized Sensitive Information Exposure via Webpage Fingerprinting

Title source: llm
STIX 2.1

Description

An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.

References (5)

Core 5

Scores

CVSS v3 4.3
EPSS 0.0028
EPSS Percentile 19.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-497
Status published
Products (11)
Apple/iOS and iPadOS < 26.4
apple/ipados < 26.4
apple/iphone_os < 26.4
Apple/macOS < 26.4
apple/macos 26.0 - 26.4
Apple/Safari < 26.4
apple/safari < 26.4
Apple/visionOS < 26.4
apple/visionos < 26.4
Apple/watchOS < 26.4
... and 1 more
Published Mar 25, 2026
Tracked Since Mar 25, 2026