CVE-2026-43731 | A use-after-free issue was addressed with improved memory ma… | CVSS 8.8 HIGH

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.

Metadata

CVE ID: CVE-2026-43731
State: PUBLISHED
Assigner: apple
Reserved: 2026-05-01 22:46 UTC
Published: 2026-06-29 19:43 UTC
Last updated: 2026-06-29 21:32 UTC
Primary CWE: CWE-416
CWE-416 Use After Free
Vendor / Product: Apple / Safari
Sources: cve.org · NVD

Severity & Metrics

8.8 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (3)

Vendor	Product	Platform	Versions
Apple	iOS and iPadOS	—	0 < 26.5.2
Apple	macOS	—	0 < 26.5.2
Apple	Safari	—	0 < 26.5.2

Weakness (CWE)

CWE	Source	Description
—	cna	Processing maliciously crafted web content may lead to memory corruption
CWE-416	adp	CWE-416 Use After Free

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.8	HIGH	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (3)