Unrated severityNVD Advisory· Published Mar 17, 2026· Updated Apr 2, 2026
CVE-2026-20643
CVE-2026-20643
Description
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31<26.4+ 1 more
- (no CPE)range: <26.4
- (no CPE)range: 0
<26.4+ 1 more
- (no CPE)range: <26.4
- (no CPE)range: 0
- Range: <18.7.7
- osv-coords24 versionspkg:rpm/almalinux/webkit2gtk3pkg:rpm/almalinux/webkit2gtk3-develpkg:rpm/almalinux/webkit2gtk3-jscpkg:rpm/almalinux/webkit2gtk3-jsc-develpkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/webkit2gtk3-soup2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk3-soup2&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/webkit2gtk4&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk4&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 2.52.3-1.el8_10+ 23 more
- (no CPE)range: < 2.52.3-1.el8_10
- (no CPE)range: < 2.52.3-1.el8_10
- (no CPE)range: < 2.52.3-1.el8_10
- (no CPE)range: < 2.52.3-1.el8_10
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- Range: 0
- Range: 0
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.