CVE-2026-28871 | THREATINT

Description

A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.

PUBLISHED Reserved 2026-03-03 | Published 2026-03-25 | Updated 2026-04-02 | Assigner apple

Problem types

Visiting a maliciously crafted website may lead to a cross-site scripting attack

Product status

Any version before 26.4

affected

Any version before 18.7.7

affected

Any version before 26.4

affected

Any version before 26.4

affected

References

support.apple.com/en-us/126792

support.apple.com/en-us/126793

support.apple.com/en-us/126794

support.apple.com/en-us/126800

cve.org (CVE-2026-28871)

nvd.nist.gov (CVE-2026-28871)

Download JSON