CVE-2026-20676
published 2026-02-11CVE-2026-20676: This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_26.3_and_ipados | — | — |
| apple | ios_and_ipados | < 26.3 | 26.3 |
| apple | ipados | < 26.3 | 26.3 |
| apple | iphone_os | < 26.3 | 26.3 |
| apple | macos | < 26.3 | 26.3 |
| apple | macos_tahoe | — | — |
| apple | safari | < 26.3 | 26.3 |
| apple | safari | — | — |
| apple | visionos | < 26.3 | 26.3 |
| apple | visionos | — | — |
| debian | webkit2gtk | < webkit2gtk 2.50.6-1~deb12u1 (bookworm) | webkit2gtk 2.50.6-1~deb12u1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.50.6-1~deb12u1 (bookworm) | webkit2gtk 2.50.6-1~deb12u1 (bookworm) |
| ubuntu | webkit2gtk | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv5.3MEDIUM