CVE-2026-43725

HIGH

Apple Safari - Improper Input Validation

Title source: rule
STIX 2.1

Description

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.

Scores

CVSS v3 7.1
EPSS 0.0031
EPSS Percentile 23.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (7)
Apple/iOS and iPadOS < 26.5.2
apple/ipados < 26.5.2
apple/iphone_os < 26.5.2
Apple/macOS < 26.5.2
apple/macos 26.0 - 26.5.2
Apple/Safari < 26.5.2
apple/safari < 26.5.2
Published Jun 29, 2026
Tracked Since Jun 30, 2026