QSearchQSearch

CVE-2026-28955

7.5 HIGH

The issue was addressed with improved memory handling

Published: 2026-05-11 · Last updated: 2026-05-13

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
CWE-119

Affected products

VendorProduct
appleipados, iphone_os, macos

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2025-46315 A permissions issue was addressed with additional restrictions (7.5 HIGH)
  • CVE-2025-46313 A logging issue was addressed with improved data redaction (5.5 MEDIUM)
  • CVE-2025-46308 An authorization issue was addressed with improved state management (5.3 MEDIUM)
  • CVE-2025-46293 This issue was addressed with improved handling of symlinks (5.5 MEDIUM)
  • CVE-2025-43339 An access issue was addressed with additional sandbox restrictions (5.5 MEDIUM)

Same CWE

  • CVE-2026-12330 Incorrect boundary conditions in the Internationalization component (5.4 MEDIUM)
  • CVE-2026-12329 Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)
  • CVE-2026-12327 Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151 (7.3 HIGH)
  • CVE-2026-12326 Memory safety bugs present in Firefox 151 and Thunderbird 151 (7.3 HIGH)
  • CVE-2026-12318 Incorrect boundary conditions in the Libraries component in NSS (7.3 HIGH)