CVE-2026-20665

EUVD-2026-15051
This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
applesafari
𝑥
< 26.4
appleipados
𝑥
< 18.7.7
appleipados
26.0 ≤
𝑥
< 26.4
appleiphone_os
𝑥
< 18.7.7
appleiphone_os
26.0 ≤
𝑥
< 26.4
applemacos
𝑥
< 26.4
appletvos
𝑥
< 26.4
applevisionos
𝑥
< 26.4
applewatchos
𝑥
< 26.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.apple.com/en-us/126792
https://support.apple.com/en-us/126793
https://support.apple.com/en-us/126794
https://support.apple.com/en-us/126797
https://support.apple.com/en-us/126798
https://support.apple.com/en-us/126799
https://support.apple.com/en-us/126800