CVE-2026-43704

MEDIUM

Apple Safari - Use After Free

Title source: rule
STIX 2.1

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash.

Scores

CVSS v3 5.3
EPSS 0.0022
EPSS Percentile 12.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (7)
Apple/iOS and iPadOS < 26.5.2
apple/ipados < 26.5.2
apple/iphone_os < 26.5.2
Apple/macOS < 26.5.2
apple/macos < 26.5.2
Apple/Safari < 26.5.2
apple/safari < 26.5.2
Published Jun 29, 2026
Tracked Since Jun 30, 2026