UNKNOWN Severity
CVE-2026-28861
Last updated Mar 26, 2026 · Published Mar 25, 2026
Description
A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins.
Affected products
1 listed- Apple:Safari; Apple:iOS and iPadOS; Apple:macOS; Apple:visionOS
Mappings
CWE
None listed.
CAPEC
None listed.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms