Cross-Origin Vulnerability in Apple Navigation API
CVE-2026-20643

Currently unrated

Key Information:

Vendor

Apple
Status
Mac OS
iOS
iPad OS
Vendor
CVE Published:
17 March 2026

What is CVE-2026-20643?

A cross-origin vulnerability exists within the Navigation API that could allow maliciously crafted web content to bypass the Same Origin Policy. This issue has been rectified with enhanced input validation in version updates for iOS, iPadOS, and macOS, specifically in versions 26.3.1 and 26.3.2. Users should ensure their systems are updated to the latest versions to mitigate potential security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iOS < 26.3.1 (a)

iPadOS < 26.3.1 (a)

macOS < 26.3.2 (a)

References

https://support.apple.com/en-us/126604

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.