VDB
DEBIAN-CVE-2026-20691
DEBIAN-CVE-2026-20691
PUBLISHED
CVSS 4.300000190734863 MEDIUM
An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.
Risk Scores
CVSS v3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | wpewebkit | 0, 2.52.0-1, 2.50.6-1 |
| Debian:13 | webkit2gtk | *, 0, 2.48.3-1 |
| Debian:12 | wpewebkit | 2.42.5-1.1~exp1, 2.42.5-1.1, 2.42.5-1 |
| Debian:11 | webkit2gtk | 2.39.3-1, 0, 2.32.3-1 |
| Debian:13 | wpewebkit | 2.50.3-1, 0, 2.50.4-1 |
| Debian:11 | wpewebkit | 2.46.1-1, 2.34.5-1, 2.34.6-1 |
| Debian:14 | webkit2gtk | 2.50.0-1, 2.50.0-2, 2.50.1-1~deb13u1 |
| Debian:12 | webkit2gtk | 2.40.1-1, 2.40.2-1, 2.40.2-1~deb11u1 |
Timeline
- Mar 25, 2026 CVE Published
- Apr 28, 2026 CVE Updated