The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.
| Vendor | Product | Versions |
|---|---|---|
| apple | safari | 0, 0, 0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| apple | ios | cert_advisory | 90% |
| apple | macos | cert_advisory | 90% |
| apple | safari | cert_advisory | 90% |
| apple | ipados | cert_advisory | 90% |
| apple | iphone_os | cve_cpe | 95% |
Updated description with technical details, changed severity to HIGH, and noted that no exploit is available.
Initial creation