Cross-Site Scripting Vulnerability in Safari and Apple Devices
CVE-2026-28871

Currently unrated

Key Information:

Vendor

Apple
Status
Safari
iOS And iPad OS
Mac OS
Vendor
CVE Published:
25 March 2026

What is CVE-2026-28871?

A logic issue in Safari has been identified that allows for potential cross-site scripting attacks. This vulnerability could be exploited by visiting a maliciously crafted website, which may lead to unauthorized script execution or data leakage. Users should ensure that they are using the latest software versions to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iOS and iPadOS 0 < 18.7.7

iOS and iPadOS 0 < 26.4

macOS 0 < 26.4

References

https://support.apple.com/en-us/126792
https://support.apple.com/en-us/126793
https://support.apple.com/en-us/126794

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.