VDB
DEBIAN-CVE-2026-20676
DEBIAN-CVE-2026-20676
PUBLISHED
CVSS 5.300000190734863 MEDIUM
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | wpewebkit | 2.52.1-1, 2.50.3-1, 2.52.3-1 |
| Debian:12 | webkit2gtk | 2.43.2-1, 2.43.3-1, 2.43.4-2 |
| Debian:14 | webkit2gtk | 2.48.6-1, *, 0 |
| Debian:14 | wpewebkit | 0, 2.48.6-1, 2.50.5-1 |
| Debian:12 | wpewebkit | 2.48.6-1, 2.48.6-2, 2.39.91-1 |
| Debian:11 | webkit2gtk | 2.38.3-1, 0, 2.32.3-1 |
| Debian:11 | wpewebkit | 2.46.6-1, 2.48.1-2, 2.38.5-1 |
| Debian:13 | webkit2gtk | *, *, 2.50.6-1 |
Timeline
- Feb 11, 2026 CVE Published
- Apr 28, 2026 CVE Updated