CVE-2025-43526
published 2025-12-17CVE-2025-43526: This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 26.2 | 26.2 |
| apple | macos_tahoe | — | — |
| apple | safari | < 26.2 | 26.2 |
| apple | safari | — | — |