    934 vulnerabilities found for visionos by apple

    CERTFR-2026-AVI-0563

    Vulnerability from certfr_avis - Published: 2026-05-12 - Updated: 2026-05-12

    Multiple vulnerabilities have been discovered in Apple products. Some of them allow an attacker to cause arbitrary code execution, privilege escalation, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Apple | iPadOS | iPadOS versions prior to 26.5
    Apple | macOS | macOS Sequoia versions prior to 15.7.7
    Apple | iPadOS | iPadOS versions prior to 15.8.8
    Apple | macOS | macOS Sonoma versions prior to 14.8.7
    Apple | iPadOS | iPadOS versions prior to 17.7.11
    Apple | iPadOS | iPadOS versions prior to 18.7.9
    Apple | tvOS | tvOS versions prior to 26.5
    Apple | visionOS | visionOS versions prior to 26.5
    Apple | iPadOS | iPadOS versions prior to 16.7.16
    Apple | iOS | iOS versions prior to 16.7.16
    Apple | iOS | iOS versions prior to 18.7.9
    Apple | iOS | iOS versions prior to 26.5
    Apple | macOS | macOS Tahoe versions prior to 26.5
    Apple | watchOS | watchOS versions prior to 26.5
    Apple | iOS | iOS versions prior to 15.8.8
    References
    Apple Security Bulletin 127114 | 2026-05-11 | vendor-advisory
    Apple Security Bulletin 127117 | 2026-05-11 | vendor-advisory
    Apple Security Bulletin 127115 | 2026-05-11 | vendor-advisory
    Apple Security Bulletin 127118 | 2026-05-11 | vendor-advisory
    Apple Security Bulletin 127110 | 2026-05-11 | vendor-advisory
    Apple Security Bulletin 127111 | 2026-05-11 | vendor-advisory
    Apple Security Bulletin 127113 | 2026-05-11 | vendor-advisory
    Apple Security Bulletin 127116 | 2026-05-11 | vendor-advisory
    Apple Security Bulletin 127119 | 2026-05-11 | vendor-advisory
    Apple Security Bulletin 127120 | 2026-05-11 | vendor-advisory
    Apple Security Bulletin 127112 | 2026-05-11 | vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "iPadOS versions ant\u00e9rieures \u00e0 26.5",
          "product": {
            "name": "iPadOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.7",
          "product": {
            "name": "macOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "iPadOS versions ant\u00e9rieures \u00e0 15.8.8",
          "product": {
            "name": "iPadOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.7",
          "product": {
            "name": "macOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.11",
          "product": {
            "name": "iPadOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.9",
          "product": {
            "name": "iPadOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "tvOS versions ant\u00e9rieures \u00e0 26.5",
          "product": {
            "name": "tvOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "visionOS versions ant\u00e9rieures \u00e0 26.5",
          "product": {
            "name": "visionOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "iPadOS versions ant\u00e9rieures \u00e0 16.7.16",
          "product": {
            "name": "iPadOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "iOS versions ant\u00e9rieures \u00e0 16.7.16",
          "product": {
            "name": "iOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "iOS versions ant\u00e9rieures \u00e0 18.7.9",
          "product": {
            "name": "iOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": " iOS versions ant\u00e9rieures \u00e0 26.5",
          "product": {
            "name": "iOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.5",
          "product": {
            "name": "macOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "watchOS versions ant\u00e9rieures \u00e0 26.5",
          "product": {
            "name": "watchOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        },
        {
          "description": "iOS versions ant\u00e9rieures \u00e0 15.8.8",
          "product": {
            "name": "iOS",
            "vendor": {
              "name": "Apple",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-43668",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43668"
        },
        {
          "name": "CVE-2026-28944",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28944"
        },
        {
          "name": "CVE-2026-1837",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1837"
        },
        {
          "name": "CVE-2026-28930",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28930"
        },
        {
          "name": "CVE-2026-28976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28976"
        },
        {
          "name": "CVE-2026-43656",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43656"
        },
        {
          "name": "CVE-2026-28988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28988"
        },
        {
          "name": "CVE-2026-28951",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28951"
        },
        {
          "name": "CVE-2026-28901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28901"
        },
        {
          "name": "CVE-2026-28915",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28915"
        },
        {
          "name": "CVE-2026-28965",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28965"
        },
        {
          "name": "CVE-2026-28913",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28913"
        },
        {
          "name": "CVE-2026-28987",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28987"
        },
        {
          "name": "CVE-2026-28994",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28994"
        },
        {
          "name": "CVE-2026-28919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28919"
        },
        {
          "name": "CVE-2026-28882",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28882"
        },
        {
          "name": "CVE-2026-43661",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43661"
        },
        {
          "name": "CVE-2026-28959",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28959"
        },
        {
          "name": "CVE-2026-28873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28873"
        },
        {
          "name": "CVE-2026-28947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28947"
        },
        {
          "name": "CVE-2026-43658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43658"
        },
        {
          "name": "CVE-2026-28840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28840"
        },
        {
          "name": "CVE-2026-28920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28920"
        },
        {
          "name": "CVE-2026-28878",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28878"
        },
        {
          "name": "CVE-2026-39871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39871"
        },
        {
          "name": "CVE-2026-28961",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28961"
        },
        {
          "name": "CVE-2026-28907",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28907"
        },
        {
          "name": "CVE-2026-39869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39869"
        },
        {
          "name": "CVE-2025-43524",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-43524"
        },
        {
          "name": "CVE-2026-28953",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28953"
        },
        {
          "name": "CVE-2026-39870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39870"
        },
        {
          "name": "CVE-2026-28963",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28963"
        },
        {
          "name": "CVE-2026-28936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28936"
        },
        {
          "name": "CVE-2026-28955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28955"
        },
        {
          "name": "CVE-2026-28977",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28977"
        },
        {
          "name": "CVE-2026-28940",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28940"
        },
        {
          "name": "CVE-2026-28903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28903"
        },
        {
          "name": "CVE-2026-28969",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28969"
        },
        {
          "name": "CVE-2026-28848",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28848"
        },
        {
          "name": "CVE-2026-28957",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28957"
        },
        {
          "name": "CVE-2026-28819",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28819"
        },
        {
          "name": "CVE-2026-28872",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28872"
        },
        {
          "name": "CVE-2026-28846",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28846"
        },
        {
          "name": "CVE-2026-28902",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28902"
        },
        {
          "name": "CVE-2026-28917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28917"
        },
        {
          "name": "CVE-2026-28964",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28964"
        },
        {
          "name": "CVE-2026-28894",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28894"
        },
        {
          "name": "CVE-2026-28950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28950"
        },
        {
          "name": "CVE-2026-28986",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28986"
        },
        {
          "name": "CVE-2026-28925",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28925"
        },
        {
          "name": "CVE-2026-28943",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28943"
        },
        {
          "name": "CVE-2026-28993",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28993"
        },
        {
          "name": "CVE-2026-28924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28924"
        },
        {
          "name": "CVE-2026-28990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28990"
        },
        {
          "name": "CVE-2026-28918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28918"
        },
        {
          "name": "CVE-2026-28996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28996"
        },
        {
          "name": "CVE-2026-28905",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28905"
        },
        {
          "name": "CVE-2026-28906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28906"
        },
        {
          "name": "CVE-2026-43655",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43655"
        },
        {
          "name": "CVE-2026-28972",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28972"
        },
        {
          "name": "CVE-2026-28941",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28941"
        },
        {
          "name": "CVE-2026-28954",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28954"
        },
        {
          "name": "CVE-2026-28877",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28877"
        },
        {
          "name": "CVE-2026-28956",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28956"
        },
        {
          "name": "CVE-2026-28974",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28974"
        },
        {
          "name": "CVE-2026-43652",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43652"
        },
        {
          "name": "CVE-2026-28908",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28908"
        },
        {
          "name": "CVE-2026-43654",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43654"
        },
        {
          "name": "CVE-2026-28929",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28929"
        },
        {
          "name": "CVE-2026-28971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28971"
        },
        {
          "name": "CVE-2026-28985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28985"
        },
        {
          "name": "CVE-2026-28958",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28958"
        },
        {
          "name": "CVE-2026-28995",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28995"
        },
        {
          "name": "CVE-2026-28922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28922"
        },
        {
          "name": "CVE-2026-43653",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43653"
        },
        {
          "name": "CVE-2026-28914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28914"
        },
        {
          "name": "CVE-2026-28942",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28942"
        },
        {
          "name": "CVE-2026-28946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28946"
        },
        {
          "name": "CVE-2026-28991",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28991"
        },
        {
          "name": "CVE-2026-28952",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28952"
        },
        {
          "name": "CVE-2026-28962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28962"
        },
        {
          "name": "CVE-2026-28983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28983"
        },
        {
          "name": "CVE-2026-43660",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43660"
        },
        {
          "name": "CVE-2026-28904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28904"
        },
        {
          "name": "CVE-2026-28978",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28978"
        },
        {
          "name": "CVE-2026-28992",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28992"
        },
        {
          "name": "CVE-2026-43659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43659"
        },
        {
          "name": "CVE-2026-28923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28923"
        },
        {
          "name": "CVE-2026-28870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28870"
        },
        {
          "name": "CVE-2026-43666",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43666"
        },
        {
          "name": "CVE-2026-28897",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28897"
        },
        {
          "name": "CVE-2026-28883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28883"
        },
        {
          "name": "CVE-2026-28847",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28847"
        }
      ],
      "initial_release_date": "2026-05-12T00:00:00",
      "last_revision_date": "2026-05-12T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0563",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-12T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
      "vendor_advisories": [
        {
          "published_at": "2026-05-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Apple 127114",
          "url": "https://support.apple.com/en-us/127114"
        },
        {
          "published_at": "2026-05-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Apple 127117",
          "url": "https://support.apple.com/en-us/127117"
        },
        {
          "published_at": "2026-05-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Apple 127115",
          "url": "https://support.apple.com/en-us/127115"
        },
        {
          "published_at": "2026-05-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Apple 127118",
          "url": "https://support.apple.com/en-us/127118"
        },
        {
          "published_at": "2026-05-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Apple 127110",
          "url": "https://support.apple.com/en-us/127110"
        },
        {
          "published_at": "2026-05-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Apple 127111",
          "url": "https://support.apple.com/en-us/127111"
        },
        {
          "published_at": "2026-05-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Apple 127113",
          "url": "https://support.apple.com/en-us/127113"
        },
        {
          "published_at": "2026-05-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Apple 127116",
          "url": "https://support.apple.com/en-us/127116"
        },
        {
          "published_at": "2026-05-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Apple 127119",
          "url": "https://support.apple.com/en-us/127119"
        },
        {
          "published_at": "2026-05-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Apple 127120",
          "url": "https://support.apple.com/en-us/127120"
        },
        {
          "published_at": "2026-05-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Apple 127112",
          "url": "https://support.apple.com/en-us/127112"
        }
      ]
    }

    CVE-2026-43668 (GCVE-0-2026-43668)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 18:06
    Summary
    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor | Product | Version
    Apple | iOS and iPadOS | Affected: 0, < 18.7.9 (custom); Affected: 0, < 26.5 (custom)
    Apple | macOS | Affected: 0, < 14.8.7 (custom); Affected: 0, < 15.7.7 (custom); Affected: 0, < 26.5 (custom)
    Apple | tvOS | Affected: 0, < 26.5 (custom)
    Apple | visionOS | Affected: 0, < 26.5 (custom)
    Apple | watchOS | Affected: 0, < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43668",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:06:44.920541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:06:48.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:40.859Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-43668",
        "datePublished": "2026-05-11T20:08:40.859Z",
        "dateReserved": "2026-05-01T22:46:21.640Z",
        "dateUpdated": "2026-05-12T18:06:48.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43666 (GCVE-0-2026-43666)

    Vulnerability from nvd – Published: 2026-05-11 20:07 – Updated: 2026-05-12 17:17
    Summary
    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An attacker on the local network may be able to cause a denial-of-service
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor | Product | Version
    Apple | iOS and iPadOS | Affected: 0, < 18.7.9 (custom); Affected: 0, < 26.5 (custom)
    Apple | macOS | Affected: 0, < 14.8.7 (custom); Affected: 0, < 15.7.7 (custom); Affected: 0, < 26.5 (custom)
    Apple | tvOS | Affected: 0, < 26.5 (custom)
    Apple | visionOS | Affected: 0, < 26.5 (custom)
    Apple | watchOS | Affected: 0, < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.2,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43666",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:16:38.990135Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:17:23.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker on the local network may be able to cause a denial-of-service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An attacker on the local network may be able to cause a denial-of-service",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:07:37.808Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-43666",
        "datePublished": "2026-05-11T20:07:37.808Z",
        "dateReserved": "2026-05-01T22:46:21.640Z",
        "dateUpdated": "2026-05-12T17:17:23.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43660 (GCVE-0-2026-43660)

    Vulnerability from nvd – Published: 2026-05-11 20:07 – Updated: 2026-05-13 19:58
    VLAI
    Summary
    A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may prevent Content Security Policy from being enforced
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 26.5 (custom)
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:18:46.236433Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:18:50.867Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:58:49.368Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            },
            {
              "url": "https://support.apple.com/en-us/127121"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-43660",
        "datePublished": "2026-05-11T20:07:54.438Z",
        "dateReserved": "2026-05-01T22:46:21.639Z",
        "dateUpdated": "2026-05-13T19:58:49.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43659 (GCVE-0-2026-43659)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 13:02
    VLAI
    Summary
    A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to access sensitive user data
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43659",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:02:10.660230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:02:13.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to access sensitive user data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:33.459Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-43659",
        "datePublished": "2026-05-11T20:08:33.459Z",
        "dateReserved": "2026-05-01T22:46:21.639Z",
        "dateUpdated": "2026-05-12T13:02:13.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43658 (GCVE-0-2026-43658)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-06-30 12:08
    VLAI
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may lead to an unexpected Safari crash
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 26.5 (custom)
    Apple iOS and iPadOS Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)     cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43658",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:42:27.850667Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:43:51.652Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-02T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:08:32.024Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-43658"
              },
              {
                "name": "RHBZ#2483968",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483968"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43658.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27728"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25918"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27785"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28114"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27804"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28148"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28146"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28147"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25927"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:27728: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25918: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27785: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28114: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27804: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28148: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28146: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28147: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25927: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-02T13:41:54.657Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-02T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
            "workarounds": [
              {
                "lang": "en",
                "value": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to an unexpected Safari crash",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:58:53.572Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            },
            {
              "url": "https://support.apple.com/en-us/127121"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-43658",
        "datePublished": "2026-05-11T20:08:18.485Z",
        "dateReserved": "2026-05-01T22:46:21.639Z",
        "dateUpdated": "2026-06-30T12:08:32.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43654 (GCVE-0-2026-43654)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-14 12:04
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to disclose kernel memory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to disclose kernel memory
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43654",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T12:03:12.941448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-497",
                    "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T12:04:28.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to disclose kernel memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to disclose kernel memory",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:26.899Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-43654",
        "datePublished": "2026-05-11T20:08:26.899Z",
        "dateReserved": "2026-05-01T22:46:21.639Z",
        "dateUpdated": "2026-05-14T12:04:28.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-39869 (GCVE-0-2026-39869)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 18:13
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file may terminate the process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing an audio stream in a maliciously crafted media file may terminate the process
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-39869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:13:29.692022Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:13:32.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file may terminate the process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing an audio stream in a maliciously crafted media file may terminate the process",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:46.086Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-39869",
        "datePublished": "2026-05-11T20:08:46.086Z",
        "dateReserved": "2026-04-07T19:58:20.173Z",
        "dateUpdated": "2026-05-12T18:13:32.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28996 (GCVE-0-2026-28996)

    Vulnerability from nvd – Published: 2026-05-11 20:07 – Updated: 2026-05-13 14:39
    Summary
    A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to access sensitive user data
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28996",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T13:32:32.648610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:39:59.736Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to access sensitive user data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:07:40.498Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28996",
        "datePublished": "2026-05-11T20:07:40.498Z",
        "dateReserved": "2026-03-03T16:36:03.997Z",
        "dateUpdated": "2026-05-13T14:39:59.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28995 (GCVE-0-2026-28995)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-13 03:57
    Summary
    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A malicious app may be able to break out of its sandbox.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A malicious app may be able to break out of its sandbox
    • CWE-269 - Improper Privilege Management
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28995",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:57:44.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A malicious app may be able to break out of its sandbox."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A malicious app may be able to break out of its sandbox",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:49.447Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28995",
        "datePublished": "2026-05-11T20:08:49.447Z",
        "dateReserved": "2026-03-03T16:36:03.996Z",
        "dateUpdated": "2026-05-13T03:57:44.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28993 (GCVE-0-2026-28993)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 18:08
    Summary
    This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to access user-sensitive data
    • CWE-284 - Improper Access Control
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28993",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:08:17.519586Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:08:21.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to access user-sensitive data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:35.102Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28993",
        "datePublished": "2026-05-11T20:08:35.102Z",
        "dateReserved": "2026-03-03T16:36:03.995Z",
        "dateUpdated": "2026-05-12T18:08:21.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28992 (GCVE-0-2026-28992)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 17:48
    Summary
    A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app termination.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An attacker may be able to cause unexpected app termination
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 4.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28992",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:48:19.512962Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:48:22.534Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app termination."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An attacker may be able to cause unexpected app termination",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:17.544Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28992",
        "datePublished": "2026-05-11T20:08:17.544Z",
        "dateReserved": "2026-03-03T16:36:03.995Z",
        "dateUpdated": "2026-05-12T17:48:22.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28991 (GCVE-0-2026-28991)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 17:24
    Summary
    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to cause a denial-of-service
    • CWE-125 - Out-of-bounds Read
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28991",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:24:04.270320Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:24:25.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to cause a denial-of-service",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:10.556Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28991",
        "datePublished": "2026-05-11T20:08:10.556Z",
        "dateReserved": "2026-03-03T16:36:03.995Z",
        "dateUpdated": "2026-05-12T17:24:25.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28990 (GCVE-0-2026-28990)

    Vulnerability from nvd – Published: 2026-05-11 20:07 – Updated: 2026-05-12 13:26
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing a maliciously crafted image may corrupt process memory
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28990",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:25:32.813101Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:26:03.296Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing a maliciously crafted image may corrupt process memory",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:07:57.090Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28990",
        "datePublished": "2026-05-11T20:07:57.090Z",
        "dateReserved": "2026-03-03T16:36:03.995Z",
        "dateUpdated": "2026-05-12T13:26:03.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28988 (GCVE-0-2026-28988)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 20:54
    Summary
    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to bypass certain Privacy preferences
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28988",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T20:54:33.700113Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T20:54:36.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to bypass certain Privacy preferences",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:24.445Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28988",
        "datePublished": "2026-05-11T20:08:24.445Z",
        "dateReserved": "2026-03-03T16:36:03.994Z",
        "dateUpdated": "2026-05-12T20:54:36.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28983 (GCVE-0-2026-28983)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 20:28
    Summary
    A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause a denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • A remote attacker may be able to cause a denial of service
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:51:55.823032Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-843",
                    "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T20:28:37.898Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A remote attacker may be able to cause a denial of service",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:48.685Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28983",
        "datePublished": "2026-05-11T20:08:48.685Z",
        "dateReserved": "2026-03-03T16:36:03.993Z",
        "dateUpdated": "2026-05-12T20:28:37.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28977 (GCVE-0-2026-28977)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-13 13:30
    Summary
    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing a maliciously crafted file may lead to unexpected app termination
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.2,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28977",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T13:30:19.816846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T13:30:35.875Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing a maliciously crafted file may lead to unexpected app termination",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:36.675Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28977",
        "datePublished": "2026-05-11T20:08:36.675Z",
        "dateReserved": "2026-03-03T16:36:03.993Z",
        "dateUpdated": "2026-05-13T13:30:35.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28974 (GCVE-0-2026-28974)

    Vulnerability from nvd – Published: 2026-05-11 20:07 – Updated: 2026-05-12 13:21
    Summary
    This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to cause a denial-of-service
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28974",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:21:39.486075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:21:46.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to cause a denial-of-service",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:07:47.446Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28974",
        "datePublished": "2026-05-11T20:07:47.446Z",
        "dateReserved": "2026-03-03T16:36:03.992Z",
        "dateUpdated": "2026-05-12T13:21:46.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28972 (GCVE-0-2026-28972)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 17:23
    VLAI
    Summary
    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or write kernel memory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to cause unexpected system termination or write kernel memory
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28972",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:23:14.979983Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:23:47.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or write kernel memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to cause unexpected system termination or write kernel memory",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:07.230Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28972",
        "datePublished": "2026-05-11T20:08:07.230Z",
        "dateReserved": "2026-03-03T16:36:03.992Z",
        "dateUpdated": "2026-05-12T17:23:47.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28971 (GCVE-0-2026-28971)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-13 19:58
    VLAI
    Summary
    The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download settings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • A malicious iframe may use another website’s download settings
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 26.5 (custom)
    Apple iOS and iPadOS Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:10:46.220916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1021",
                    "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:10:49.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website\u2019s download settings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A malicious iframe may use another website\u2019s download settings",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:58:55.140Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            },
            {
              "url": "https://support.apple.com/en-us/127121"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28971",
        "datePublished": "2026-05-11T20:08:23.674Z",
        "dateReserved": "2026-03-03T16:36:03.992Z",
        "dateUpdated": "2026-05-13T19:58:55.140Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28969 (GCVE-0-2026-28969)

    Vulnerability from nvd – Published: 2026-05-11 20:07 – Updated: 2026-05-12 13:23
    VLAI
    Summary
    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to cause unexpected system termination
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:23:17.375854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:23:22.141Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to cause unexpected system termination",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:07:55.362Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28969",
        "datePublished": "2026-05-11T20:07:55.362Z",
        "dateReserved": "2026-03-03T16:36:03.992Z",
        "dateUpdated": "2026-05-12T13:23:22.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28964 (GCVE-0-2026-28964)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 13:34
    VLAI
    Summary
    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to access sensitive user data
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28964",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:33:31.639778Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-451",
                    "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:34:14.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to access sensitive user data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:08.120Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28964",
        "datePublished": "2026-05-11T20:08:08.120Z",
        "dateReserved": "2026-03-03T16:36:03.991Z",
        "dateUpdated": "2026-05-12T13:34:14.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28962 (GCVE-0-2026-28962)

    Vulnerability from nvd – Published: 2026-05-11 20:07 – Updated: 2026-05-13 19:58
    VLAI
    Summary
    This issue was addressed with improved access restrictions. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may disclose sensitive user information
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 26.5 (custom)
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28962",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:07:30.094488Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:08:16.671Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue was addressed with improved access restrictions. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may disclose sensitive user information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:58:46.189Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            },
            {
              "url": "https://support.apple.com/en-us/127121"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28962",
        "datePublished": "2026-05-11T20:07:48.312Z",
        "dateReserved": "2026-03-03T16:36:03.991Z",
        "dateUpdated": "2026-05-13T19:58:46.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28959 (GCVE-0-2026-28959)

    Vulnerability from nvd – Published: 2026-05-11 20:07 – Updated: 2026-05-12 19:53
    VLAI
    Summary
    A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to cause unexpected system termination
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28959",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T19:27:21.083038Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:53:57.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to cause unexpected system termination",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:07:29.263Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28959",
        "datePublished": "2026-05-11T20:07:29.263Z",
        "dateReserved": "2026-03-03T16:36:03.991Z",
        "dateUpdated": "2026-05-12T19:53:57.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28958 (GCVE-0-2026-28958)

    Vulnerability from nvd – Published: 2026-05-11 20:07 – Updated: 2026-05-13 19:58
    VLAI
    Summary
    This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to access sensitive user data
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 26.5 (custom)
    Apple iOS and iPadOS Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28958",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:13:49.983356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:13:53.180Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to access sensitive user data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:58:46.964Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            },
            {
              "url": "https://support.apple.com/en-us/127121"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28958",
        "datePublished": "2026-05-11T20:07:51.789Z",
        "dateReserved": "2026-03-03T16:36:03.991Z",
        "dateUpdated": "2026-05-13T19:58:46.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28957 (GCVE-0-2026-28957)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 20:37
    VLAI
    Summary
    An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to capture a user's screen
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.3,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28957",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T20:37:43.618890Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T20:37:52.893Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user\u0027s screen."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to capture a user\u0027s screen",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:43.466Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28957",
        "datePublished": "2026-05-11T20:08:43.466Z",
        "dateReserved": "2026-03-03T16:36:03.991Z",
        "dateUpdated": "2026-05-12T20:37:52.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28956 (GCVE-0-2026-28956)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-05-12 17:45
    VLAI
    Summary
    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
    • CWE-125 - Out-of-bounds Read
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 14.8.7 (custom)
    Affected: 0 , < 15.7.7 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:44:57.686985Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:45:02.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.7.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:08:44.260Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127116"
            },
            {
              "url": "https://support.apple.com/en-us/127117"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28956",
        "datePublished": "2026-05-11T20:08:44.260Z",
        "dateReserved": "2026-03-03T16:36:03.990Z",
        "dateUpdated": "2026-05-12T17:45:02.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28955 (GCVE-0-2026-28955)

    Vulnerability from nvd – Published: 2026-05-11 20:07 – Updated: 2026-06-30 12:07
    VLAI
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may lead to an unexpected process crash
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 26.5 (custom)
    Apple iOS and iPadOS Affected: 0 , < 18.7.9 (custom)
    Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)     cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28955",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T03:55:52.632985Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-22T12:54:42.181Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-312/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-02T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:54.673Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-28955"
              },
              {
                "name": "RHBZ#2483966",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483966"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28955.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27728"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25918"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27785"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28114"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27804"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28148"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28146"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28147"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25927"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:27728: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25918: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27785: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28114: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27804: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28148: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28146: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28147: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25927: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-02T13:40:14.685Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-02T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
            "workarounds": [
              {
                "lang": "en",
                "value": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to an unexpected process crash",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:58:40.957Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            },
            {
              "url": "https://support.apple.com/en-us/127121"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28955",
        "datePublished": "2026-05-11T20:07:35.071Z",
        "dateReserved": "2026-03-03T16:36:03.990Z",
        "dateUpdated": "2026-06-30T12:07:54.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28953 (GCVE-0-2026-28953)

    Vulnerability from nvd – Published: 2026-05-11 20:07 – Updated: 2026-06-30 12:07
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may lead to an unexpected process crash
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0, < 26.5 (custom)
    Apple iOS and iPadOS Affected: 0, < 18.7.9 (custom)
    Apple iOS and iPadOS Affected: 0, < 26.5 (custom)
    Apple macOS Affected: 0, < 26.5 (custom)
    Apple tvOS Affected: 0, < 26.5 (custom)
    Apple visionOS Affected: 0, < 26.5 (custom)
    Apple watchOS Affected: 0, < 26.5 (custom)
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS) cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS) cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux AppStream (v. 8) cpe:/a:redhat:enterprise_linux:8::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4) cpe:/a:redhat:rhel_aus:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4) cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6) cpe:/a:redhat:rhel_aus:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6) cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8) cpe:/a:redhat:rhel_e4s:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8) cpe:/a:redhat:rhel_tus:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2) cpe:/a:redhat:rhel_e4s:9.2::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4) cpe:/a:redhat:rhel_e4s:9.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6) cpe:/a:redhat:rhel_eus:9.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream (v. 9) cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 6 cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7 cpe:/o:redhat:enterprise_linux:7

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:15:24.809667Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:15:29.904Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-02T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:54.943Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-28953"
              },
              {
                "name": "RHBZ#2483965",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483965"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28953.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27728"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25918"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27785"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28114"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27804"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28148"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28146"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28147"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25927"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:27728: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25918: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27785: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28114: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27804: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28148: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28146: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28147: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25927: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-02T13:39:17.634Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-02T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
            "workarounds": [
              {
                "lang": "en",
                "value": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to an unexpected process crash",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:58:47.846Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127111"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            },
            {
              "url": "https://support.apple.com/en-us/127121"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28953",
        "datePublished": "2026-05-11T20:07:52.634Z",
        "dateReserved": "2026-03-03T16:36:03.990Z",
        "dateUpdated": "2026-06-30T12:07:54.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28947 (GCVE-0-2026-28947)

    Vulnerability from nvd – Published: 2026-05-11 20:08 – Updated: 2026-06-30 12:07
    Summary
    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may lead to an unexpected Safari crash
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 26.5 (custom)
    Apple iOS and iPadOS Affected: 0 , < 26.5 (custom)
    Apple macOS Affected: 0 , < 26.5 (custom)
    Apple tvOS Affected: 0 , < 26.5 (custom)
    Apple visionOS Affected: 0 , < 26.5 (custom)
    Apple watchOS Affected: 0 , < 26.5 (custom)
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)     cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28947",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:44:40.637952Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:45:32.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-02T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:55.224Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-28947"
              },
              {
                "name": "RHBZ#2483964",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483964"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28947.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27728"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25918"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27785"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28114"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27804"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28148"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28146"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28147"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25927"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:27728: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25918: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27785: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28114: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27804: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28148: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28146: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28147: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25927: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-02T13:38:17.466Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-02T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
            "workarounds": [
              {
                "lang": "en",
                "value": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to an unexpected Safari crash",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:58:54.377Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/127110"
            },
            {
              "url": "https://support.apple.com/en-us/127115"
            },
            {
              "url": "https://support.apple.com/en-us/127118"
            },
            {
              "url": "https://support.apple.com/en-us/127119"
            },
            {
              "url": "https://support.apple.com/en-us/127120"
            },
            {
              "url": "https://support.apple.com/en-us/127121"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2026-28947",
        "datePublished": "2026-05-11T20:08:19.320Z",
        "dateReserved": "2026-03-03T16:36:03.990Z",
        "dateUpdated": "2026-06-30T12:07:55.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }