CVE-2026-43706 | A double free issue was addressed with improved memory manag… | CVSS 6.5 MEDIUM

Description

A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Metadata

CVE ID: CVE-2026-43706
State: PUBLISHED
Assigner: apple
Reserved: 2026-05-01 22:46 UTC
Published: 2026-06-29 19:43 UTC
Last updated: 2026-06-29 21:44 UTC
Primary CWE: CWE-415
CWE-415 Double Free
Vendor / Product: Apple / iOS and iPadOS
Sources: cve.org · NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
Apple	iOS and iPadOS	—	0 < 26.5.2
Apple	macOS	—	0 < 26.5.2

Weakness (CWE)

CWE	Source	Description
—	cna	Processing maliciously crafted web content may lead to an unexpected process crash
CWE-415	adp	CWE-415 Double Free

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.5	MEDIUM	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (2)