VDB
DEBIAN-CVE-2026-28871
DEBIAN-CVE-2026-28871
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | wpewebkit | 2.38.6-1, 2.39.91-1, 2.40.0-1 |
| Debian:14 | webkit2gtk | 2.50.0-1, 2.52.0-1, 2.51.93-1 |
| Debian:11 | wpewebkit | 2.42.5-1, 2.52.3-1, 2.52.2-2 |
| Debian:12 | webkit2gtk | 2.53.1-1, 2.40.1-1, 2.40.2-1 |
| Debian:13 | webkit2gtk | 2.50.2-1, 2.52.3-1, 2.52.2-2 |
| Debian:14 | wpewebkit | 0, 2.50.1-1, 2.50.2-1 |
| Debian:11 | webkit2gtk | 2.36.0-3, 2.36.0-3, 2.36.1-1 |
| Debian:13 | wpewebkit | 2.52.3-1, 2.52.2-2, 2.52.2-1 |
Exploit Intelligence
- macos_v2_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
- ios_v2_generated.go (github-poc)
- ios_v1_generated.go (github-poc)
- safari_v2_generated.go (github-poc)
Timeline
- Mar 25, 2026 CVE Published
- Apr 28, 2026 CVE Updated