CVE-2026-20643
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy.
| Vendor | apple |
| Product | safari |
| Ecosystems | |
| Industries | Technology |
| Published | Mar 17, 2026 |
| Last Updated | Apr 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for apple safari
Be the first to know when new medium vulnerabilities affecting apple safari are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Apple / Safari
0 < 26.4
Apple / iOS and iPadOS
0 < 18.7.7 0 < 26.3.1 (a) 0 < 26.4
Apple / macOS
0 < 26.3.1 (a) 0 < 26.3.2 (a) 0 < 26.4
Apple / visionOS
0 < 26.4
References
support.apple.com: https://support.apple.com/en-us/126604 support.apple.com: https://support.apple.com/en-us/126792 support.apple.com: https://support.apple.com/en-us/126793 support.apple.com: https://support.apple.com/en-us/126794 support.apple.com: https://support.apple.com/en-us/126799 support.apple.com: https://support.apple.com/en-us/126800 seclists.org: http://seclists.org/fulldisclosure/2026/Mar/10