CVE-2026-43743 | A race condition was addressed with improved state handling.… | CVSS 4.7 MEDIUM

Description

A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination.

Metadata

CVE ID: CVE-2026-43743
State: PUBLISHED
Assigner: apple
Reserved: 2026-05-01 22:46 UTC
Published: 2026-06-29 19:42 UTC
Last updated: 2026-06-29 21:25 UTC
Primary CWE: CWE-362
CWE-362 Concurrent Execution using Shared Resource with Impr…
Vendor / Product: Apple / iOS and iPadOS
Sources: cve.org · NVD

Severity & Metrics

4.7 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
Apple	iOS and iPadOS	—	0 < 26.5.2
Apple	macOS	—	0 < 26.5.2

Weakness (CWE)

CWE	Source	Description
—	cna	An app may be able to cause unexpected system termination
CWE-362	adp	CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.7	MEDIUM	3.1	adp	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References (2)