CVE-2026-43704

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

30 Jun 2026, 18:26

Type Values Removed Values Added
First Time Apple macos
Apple
Apple ipados
Apple safari
Apple iphone Os
CPE cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
References () https://support.apple.com/en-us/127594 - () https://support.apple.com/en-us/127594 - Vendor Advisory
References () https://support.apple.com/en-us/127595 - () https://support.apple.com/en-us/127595 - Vendor Advisory
References () https://support.apple.com/en-us/127685 - () https://support.apple.com/en-us/127685 - Vendor Advisory

29 Jun 2026, 22:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE CWE-416

29 Jun 2026, 20:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-29 20:17

Updated : 2026-06-30 18:26


NVD link : CVE-2026-43704

Mitre link : CVE-2026-43704

CVE.ORG link : CVE-2026-43704


JSON object : View

Products Affected

apple

  • ipados
  • safari
  • macos
  • iphone_os
CWE
CWE-416

Use After Free