Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Apple | Safari | affected |
|
||||||
| Apple | iOS and iPadOS | affected |
|
||||||
| Apple | macOS | affected |
|
No data.
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Apple | Ios And Ipados | 100% |
|
||||||||
| Apple | Macos | 100% |
|
||||||||
| Apple | Safari | 100% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 30 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Apple Safari and iOS Cross‑Origin Data Exfiltration Vulnerability |
Tue, 30 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Tue, 30 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-352 | |
| Metrics |
ssvc
|
Tue, 30 Jun 2026 03:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apple
Apple ios And Ipados Apple macos Apple safari |
|
| Vendors & Products |
Apple
Apple ios And Ipados Apple macos Apple safari |
Mon, 29 Jun 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Apple Safari and iOS Cross‑Origin Data Exfiltration Vulnerability | |
| Weaknesses | CWE-1021 CWE-79 |
Mon, 29 Jun 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: apple
Published:
Updated: 2026-06-30T15:08:35.103Z
Reserved: 2026-05-01T22:46:21.646Z
Link: CVE-2026-43735
Vulnrichment
Updated: 2026-06-30T13:39:38.868Z
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-30T16:30:16Z