CVE-2026-28971 | THREATINT

Description

The issue was addressed with improved UI handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download settings.

PUBLISHED Reserved 2026-03-03 | Published 2026-05-11 | Updated 2026-05-11 | Assigner apple

Problem types

A malicious iframe may use another website’s download settings

Product status

Any version before 26.5

affected

Any version before 26.5

affected

Any version before 26.5

affected

References

support.apple.com/en-us/127110

support.apple.com/en-us/127115

support.apple.com/en-us/127120

cve.org (CVE-2026-28971)

nvd.nist.gov (CVE-2026-28971)

Download JSON