CVE-2026-28861

EUVD-2026-15135
A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
applesafari
𝑥
< 26.4
appleipados
𝑥
< 18.7.7
appleipados
26.0 ≤
𝑥
< 26.4
appleiphone_os
𝑥
< 18.7.7
appleiphone_os
26.0 ≤
𝑥
< 26.4
applemacos
𝑥
< 26.4
applevisionos
𝑥
< 26.4
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libjavascriptcoregtk-4_0-18
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 12 SP3
2.52.1-4.57.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
libjavascriptcoregtk-4_1-0
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
libjavascriptcoregtk-6_0-1
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
libwebkit2gtk-4_0-37
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 12 SP3
2.52.1-4.57.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
libwebkit2gtk-4_1-0
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
libwebkit2gtk3-lang
suse enterprise server 12 SP3
2.52.1-4.57.1
fixed
libwebkitgtk-6_0-4
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
typelib-1_0-JavaScriptCore-4_0
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 12 SP3
2.52.1-4.57.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
typelib-1_0-JavaScriptCore-4_1
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
typelib-1_0-JavaScriptCore-6_0
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
typelib-1_0-WebKit-6_0
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
typelib-1_0-WebKit2-4_0
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 12 SP3
2.52.1-4.57.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
typelib-1_0-WebKit2-4_1
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
typelib-1_0-WebKit2WebExtension-4_0
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 12 SP3
2.52.1-4.57.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
typelib-1_0-WebKit2WebExtension-4_1
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
typelib-1_0-WebKitWebProcessExtension-6_0
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
webkit2gtk-4_0-injected-bundles
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 12 SP3
2.52.1-4.57.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
webkit2gtk-4_1-injected-bundles
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
webkit2gtk3-devel
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
webkit2gtk3-soup2-devel
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
webkit2gtk4-devel
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
webkitgtk-6_0-injected-bundles
suse enterprise desktop 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise sap 15 SP7
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP4
2.52.1-150400.4.140.2
fixed
suse enterprise server 15 SP6
2.52.1-150600.12.63.1
fixed
suse enterprise server 15 SP7
2.52.1-150600.12.63.1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://support.apple.com/en-us/126792
https://support.apple.com/en-us/126793
https://support.apple.com/en-us/126794
https://support.apple.com/en-us/126799
https://support.apple.com/en-us/126800