VDB
GHSA-gvvx-mjmx-h5qh
GHSA-gvvx-mjmx-h5qh
PUBLISHED
CVSS 5.400000095367432 MEDIUM
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy.
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Timeline
- Mar 18, 2026 CVE Published
- Mar 25, 2026 CVE Updated
- Apr 10, 2026 Security Advisory
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-20643 advisory
- https://support.apple.com/en-us/126604 url
- https://support.apple.com/en-us/126792 url
- https://support.apple.com/en-us/126793 url
- https://support.apple.com/en-us/126794 url
- https://support.apple.com/en-us/126799 url
- https://support.apple.com/en-us/126800 url
- http://seclists.org/fulldisclosure/2026/Mar/10 url