Medium severity4.3NVD Advisory· Published Mar 25, 2026· Updated May 10, 2026
CVE-2026-28861
CVE-2026-28861
Description
A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
32cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <26.4
- (no CPE)range: <26.4
- (no CPE)range: 0
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: <26.4
- (no CPE)range: 0
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*range: <26.4
- (no CPE)range: 0
- Range: <18.7.7
- Range: <26.4
- osv-coords20 versionspkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/webkit2gtk3-soup2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk3-soup2&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/webkit2gtk4&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk4&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 2.52.1-150600.12.63.1+ 19 more
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- Range: 0
Patches
Vulnerability mechanics
References
5- support.apple.com/en-us/126792nvdRelease NotesVendor Advisory
- support.apple.com/en-us/126793nvdRelease NotesVendor Advisory
- support.apple.com/en-us/126794nvdRelease NotesVendor Advisory
- support.apple.com/en-us/126799nvdRelease NotesVendor Advisory
- support.apple.com/en-us/126800nvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.