VDB

CISA-2026-20665

CISA-2026-20665 PUBLISHED CVSS 6.5 MEDIUM

Reported by apple · Published March 25, 2026

This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Products

VendorProductVersions
AppleSafari0
AppleiOS and iPadOS0, 0
ApplemacOS0
AppletvOS0
ApplevisionOS0
ApplewatchOS0
AppleSafari0, 0
AppleiOS and iPadOS0, 0, 0
ApplemacOS0, 0
AppletvOS0, 0
ApplevisionOS0, 0
ApplewatchOS0, 0

Timeline

  • Mar 25, 2026 CVE Published
  • Mar 25, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›