cbcvebase.
CVE-2026-20643
published 2026-03-17

CVE-2026-20643: A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS…

medium5.4CVSS 3.1
AVNACLPRNUIRSUCLILAN
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy.

Affected

15 ranges
VendorProductVersion rangeFixed in
applebackground_security_improvements_for_ios_26.3.1_ipados_26.3.1_macos_26.3.1_and_m
appleios_and_ipados< 18.7.718.7.7
appleios_and_ipados< 26.3.1 (a)26.3.1 (a)
appleios_and_ipados< 26.426.4
appleipados< 26.3.126.3.1
appleiphone_os< 26.3.126.3.1
applemacos< 26.3.1 (a)26.3.1 (a)
applemacos< 26.3.2 (a)26.3.2 (a)
applemacos< 26.426.4
applemacos< 26.3.126.3.1
applesafari< 26.426.4
applevisionos< 26.426.4
debianwebkit2gtk< webkit2gtk 2.52.1-1 (sid)webkit2gtk 2.52.1-1 (sid)
debianwpewebkit< webkit2gtk 2.52.1-1 (sid)webkit2gtk 2.52.1-1 (sid)
ubuntuwebkit2gtk

CVSS provenance

nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
osv5.4MEDIUM