CVE-2026-43732
Received Received - Intake

Path Handling Flaw in Safari and iOS Reveals User Data

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Apple Inc.

Description
A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-06-29
Generated
2026-06-30
AI Q&A
2026-06-29
EPSS Evaluated
N/A
NVD
CVE-2026-43732

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
apple safari 26.5.2
apple ios 26.5.2
apple ipados 26.5.2
apple macos_tahoe 26.5.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a path handling issue in Apple software such as Safari, iOS, iPadOS, and macOS Tahoe. It was addressed by improving validation mechanisms. The issue involves processing maliciously crafted web content that could lead to the disclosure of sensitive user information.

Impact Analysis

The vulnerability can impact users by potentially exposing their sensitive information when they process maliciously crafted web content using affected Apple products. This could lead to privacy breaches or unauthorized access to personal data.

Mitigation Strategies

To mitigate this vulnerability, update affected Apple products to version 26.5.2 or later. This includes Safari, iOS, iPadOS, and macOS Tahoe.

Compliance Impact

This vulnerability involves the potential disclosure of sensitive user information due to a path handling issue when processing maliciously crafted web content.

Such disclosure of sensitive information could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data.

However, no specific information is provided about the direct impact on compliance with these standards.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43732. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart