Use-After-Free Vulnerability in Safari Affects Apple Products
CVE-2026-28942

6.5MEDIUM

Key Information:

Vendor: Apple
Status: Safari; iOS And iPad OS; Mac OS; TV OS
Vendor: CVE Published:; 11 May 2026

What is CVE-2026-28942?

A vulnerability in Safari has been identified that involves a use-after-free issue, potentially compromising system stability. This flaw can be exploited by processing specially crafted web content, resulting in unexpected crashes of the browser. Apple has addressed this issue in multiple products, including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS, with updates aimed at enhancing memory management and mitigating risks associated with this vulnerability.

Affected Version(s)

iOS and iPadOS 0 < 26.5

macOS 0 < 26.5

Safari 0 < 26.5

References

https://support.apple.com/en-us/127110

https://support.apple.com/en-us/127115

https://support.apple.com/en-us/127118

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28942 Data

JSON