CVE-2026-43704
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
A use-after-free vulnerability was addressed with improved memory management in Safari, iOS, iPadOS, and macOS Tahoe. A malicious web extension may exploit this issue to cause an unexpected process crash.
Risk Assessment
The risk involves a potential Denial of Service (DoS) attack via browser process crash, which can disrupt user operations and potentially enable further attacks.
Recommendation
Immediately update Safari to version 26.5.2 and iOS/iPadOS/macOS Tahoe to version 26.5.2 to remediate the vulnerability.
Original NVD description (English source)
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash.

