Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash.

Severity (CVSS)

Base score5.3
SeverityMedium
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Provided byCISA-ADP

Weaknesses

  • — A malicious web extension may be able to cause an unexpected process crash
  • CWE-416 — CWE-416 Use After Free

Affected products

VendorProductVersions
AppleSafari0 to <26.5.2
AppleiOS and iPadOS0 to <26.5.2
ApplemacOS0 to <26.5.2

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 30 Jun 2026 07:04 UTC.