CVE-2026-43735
Received - Intake

Cross-Origin Data Exfiltration in Safari

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Apple Inc.

Description

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.

Meta Information

Published: 2026-06-29
Last Modified: 2026-06-29
Generated: 2026-06-30
AI Q&A: 2026-06-29
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
apple safari 26.5.2
apple ios 26.5.2
apple ipados 26.5.2
apple macos_tahoe 26.5.2

Exploitability

CWE ID Description
CWE-UNKNOWN

Executive Summary

This vulnerability involves a security flaw in Apple products such as Safari, iOS, iPadOS, and macOS Tahoe. A malicious website could exploit this flaw to exfiltrate data across origins, meaning it could access data from other websites or sources without permission.

The issue was addressed by implementing improved checks to prevent this unauthorized data exfiltration.

Impact Analysis

If exploited, this vulnerability could allow a malicious website to steal sensitive information from your browser or device by bypassing normal security restrictions that separate data from different websites.

This could lead to privacy breaches, unauthorized access to personal or confidential data, and potential misuse of that information.

Compliance Impact

This vulnerability allows a malicious website to exfiltrate data cross-origin, which could lead to unauthorized access and leakage of sensitive user information.

Such unauthorized data exfiltration may impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access and breaches.

However, specific impacts on compliance depend on the nature of the data involved and the context of the exploitation, which is not detailed in the provided information.

Mitigation Strategies

To mitigate this vulnerability, update your Apple devices and software to the fixed versions Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, or macOS Tahoe 26.5.2 as applicable.
