CVE-2026-28947

HIGH

iOS and iPadOS < 26.5 - Use-After-Free via Maliciously Crafted Web Content

Title source: llm

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

References (6)

Core 6

Core References

https://support.apple.com/en-us/127110

https://support.apple.com/en-us/127115

https://support.apple.com/en-us/127118

https://support.apple.com/en-us/127119

https://support.apple.com/en-us/127120

https://support.apple.com/en-us/127121

Scores

CVSS v3 8.8

EPSS 0.0005

EPSS Percentile 14.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (12)

Apple/iOS and iPadOS < 26.5

apple/ipados < 26.5

apple/iphone_os < 26.5

Apple/macOS < 26.5

apple/macos 26.0 - 26.5

Apple/Safari < 26.5

Apple/tvOS < 26.5

apple/tvos < 26.5

Apple/visionOS < 26.5

apple/visionos < 26.5

... and 2 more

Published May 11, 2026

Tracked Since May 12, 2026