CVE Catalog

CVE-2026-43708

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

A vulnerability in Safari allows a malicious website to exfiltrate data cross-origin. The issue was addressed by improving input validation.

Risk Assessment

An attacker could exploit this flaw to steal sensitive user data, such as session cookies or authorization tokens, from other origins.

Recommendation

Immediately update Safari to version 26.5.2 and iOS/iPadOS/macOS Tahoe to the specified versions.

Original NVD description (English source)

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS