Description

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.

Severity (CVSS)

Base score7.1
SeverityHigh
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Provided byCISA-ADP

Weaknesses

  • — A malicious website may be able to process restricted web content outside the sandbox
  • CWE-20 — CWE-20 Improper Input Validation

Affected products

VendorProductVersions
AppleSafari0 to <26.5.2
AppleiOS and iPadOS0 to <26.5.2
ApplemacOS0 to <26.5.2

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 30 Jun 2026 07:04 UTC.