CVE-2026-43705

HIGH

Apple Safari - Access of Resource Using Incompatible Type ('Type Confusion')

Title source: rule
STIX 2.1

Description

A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.

Scores

CVSS v3 8.8
EPSS 0.0027
EPSS Percentile 19.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-843
Status published
Products (7)
Apple/iOS and iPadOS < 26.5.2
apple/ipados < 26.5.2
apple/iphone_os < 26.5.2
Apple/macOS < 26.5.2
apple/macos < 26.5.2
Apple/Safari < 26.5.2
apple/safari < 26.5.2
Published Jun 29, 2026
Tracked Since Jun 30, 2026