CVE-2026-43708
Received Received - Intake

Safari 26.5.2 Cross-Origin Data Exfiltration Vulnerability

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Apple Inc.

Description
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-06-29
Generated
2026-06-30
AI Q&A
2026-06-29
EPSS Evaluated
N/A
NVD
CVE-2026-43708

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
apple safari 26.5.2
apple ios 26.5.2
apple ipados 26.5.2
apple macos_tahoe 26.5.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves insufficient input validation in certain Apple products, including Safari, iOS, iPadOS, and macOS Tahoe. Because of this flaw, a malicious website could potentially exfiltrate data across origins, meaning it could access data from other websites or sources that should be protected.

Impact Analysis

The impact of this vulnerability is that a malicious website could steal or exfiltrate sensitive data from your browser or device by bypassing normal security boundaries between websites. This could lead to unauthorized access to personal or confidential information.

Mitigation Strategies

To mitigate this vulnerability, update your Apple Safari, iOS, iPadOS, or macOS Tahoe to version 26.5.2 or later, where the issue has been fixed with improved input validation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43708. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart