Critical severity9.8NVD Advisory· Published Dec 17, 2025· Updated Apr 2, 2026
CVE-2025-43526
CVE-2025-43526
Description
This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <26.2
- (no CPE)range: <26.2
- Range: <26.2
Patches
Vulnerability mechanics
References
2- support.apple.com/en-us/125886nvdRelease NotesVendor Advisory
- support.apple.com/en-us/125892nvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.