Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-43700. PoCs published by dem0ns.
AI-analyzed exploit summary This repository provides a functional PoC for CVE-2026-43700, a cross-origin information leak in WebKit's WebGPU `importExternalTexture` affecting Safari versions prior to 26.5.2. The PoC includes live verification pages demonstrating the vulnerability.
Description
A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information.
Exploits (1)
This repository provides a functional PoC for CVE-2026-43700, a cross-origin information leak in WebKit's WebGPU `importExternalTexture` affecting Safari versions prior to 26.5.2. The PoC includes live verification pages demonstrating the vulnerability.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N