DEBIAN-CVE-2026-28861

DEBIAN-CVE-2026-28861 PUBLISHED CVSS 4.300000190734863 MEDIUM

A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins.

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:11	wpewebkit	2.50.5-1, 2.50.4-1, 2.50.3-1
Debian:11	webkit2gtk	2.46.4-1, 2.46.4-1, 2.46.3-1
Debian:14	wpewebkit	2.52.0-1, 2.50.6-1, 2.50.5-1
Debian:13	webkit2gtk	2.51.92-1, 2.48.5-1, 2.48.5-1~deb11u1
Debian:13	wpewebkit	2.50.0-1, 2.52.2-2, 2.52.1-1
Debian:12	wpewebkit	2.50.0-1, 2.50.0-2, 2.50.1-1
Debian:12	webkit2gtk	2.53.1-1, 2.46.1-1, 2.46.1-2
Debian:14	webkit2gtk	0, 2.48.3-1, 2.48.5-1

Timeline

Mar 25, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-28861 advisory

Open in Interactive Console →