VIR Vulnerability Intelligence Relay

CVE-2026-43660

high
Published 2026-05-13 ยท Modified 2026-05-13
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
7.5

Description

A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Predictions

Exploit likelihood
83%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Apple Security HT ยท View original โ†— ยท proprietary-no-redistribution
Full prose not cached โ€” VIR stores only structured fields (affected/fixed versions, references) for this source. Click "View original" above for the vendor's full advisory.

Affected

VendorProductVersion
appleWebKitmacOS Sonoma and macOS Sequoia
appleWebKitmacOS Sonoma and macOS Sequoia
appleWebKitmacOS Sonoma and macOS Sequoia
appleWebKitmacOS Sonoma and macOS Sequoia
appleWebKitmacOS Sonoma and macOS Sequoia
appleWebKitmacOS Sonoma and macOS Sequoia
appleWebKitmacOS Sonoma and macOS Sequoia
appleWebKitmacOS Sonoma and macOS Sequoia

OS impact
OSVersionStatusFixed in
safari26.5fixed
ios26.5fixed
ios18.7.9fixed
macos macos26.5fixed
tvos26.5fixed
macos macosaffected18.7.9

References

CWEs

CWE-693

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.