CVE-2026-20643 in Apple macOSinfo

Summary

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy.

Responsible

apple

Reservation

11/11/2025

Disclosure

03/18/2026

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
351450Apple macOS/iOS/iPadOS cross-domain policy942Not definedOfficial fixCVE-2026-20643

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!