CVE-2026-28971
published 2026-05-11CVE-2026-28971: The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCLINAN
The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download settings.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_and_ipados | < 26.5 | 26.5 |
| apple | ipados | < 26.5 | 26.5 |
| apple | iphone_os | < 26.5 | 26.5 |
| apple | macos | < 26.5 | 26.5 |
| apple | macos | >= 26.0 < 26.5 | 26.5 |
| apple | safari | < 26.5 | 26.5 |
| apple | visionos | < 26.5 | 26.5 |