CVE-2026-43676 | An out-of-bounds access issue was addressed with improved bo… | CVSS 6.5 MEDIUM

Description

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Metadata

CVE ID: CVE-2026-43676
State: PUBLISHED
Assigner: apple
Reserved: 2026-05-01 22:46 UTC
Published: 2026-06-29 19:42 UTC
Last updated: 2026-06-29 21:38 UTC
Primary CWE: CWE-125
CWE-125 Out-of-bounds Read
Vendor / Product: Apple / Safari
Sources: cve.org · NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (3)

Vendor	Product	Platform	Versions
Apple	iOS and iPadOS	—	0 < 26.5.2
Apple	macOS	—	0 < 26.5.2
Apple	Safari	—	0 < 26.5.2

Weakness (CWE)

CWE	Source	Description
—	cna	Processing maliciously crafted web content may lead to an unexpected Safari crash
CWE-125	adp	CWE-125 Out-of-bounds Read
CWE-787	adp	CWE-787 Out-of-bounds Write

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.5	MEDIUM	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (3)