CVE-2026-20665

Published Mar 25, 2026

Last updated a month ago

CVSS medium 6.5

Overview

Description: This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Source: product-security@apple.com
NVD status: Analyzed
Products: safari, ipados, iphone_os, macos, tvos, visionos, watchos

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-693

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "993386B4-0570-414F-B4A6-3E65F5704903",
            "versionEndExcluding": "26.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "118313FD-8CF6-4412-B1A8-4BC3D5C2F519",
            "versionEndExcluding": "18.7.7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F201257D-2F7C-43AA-BD51-ED5EC98F99E0",
            "versionEndExcluding": "26.4",
            "versionStartIncluding": "26.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "684E10EB-D01A-4E80-8764-B48B554B0B5E",
            "versionEndExcluding": "18.7.7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F7F08C35-7A60-4FEC-8D44-533902F43EDD",
            "versionEndExcluding": "26.4",
            "versionStartIncluding": "26.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "DCFD15D9-91CA-4342-9F7E-A219B459B755",
            "versionEndExcluding": "26.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A906E2B7-B83B-4AD0-B00F-BEDEF2EDB844",
            "versionEndExcluding": "26.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "113B9705-BFF0-4357-B1AB-F57052F32361",
            "versionEndExcluding": "26.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F6EAF0A5-7CFF-4EF6-9BC7-DB25B213F753",
            "versionEndExcluding": "26.4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References