Cross-Origin Data Exfiltration Vulnerability in Safari and macOS by Apple
CVE-2026-43708

Currently unrated

Key Information:

Vendor: Apple
Status: Safari; iOS And iPad OS; Mac OS
Vendor: CVE Published:; 29 June 2026

What is CVE-2026-43708?

A cross-origin data exfiltration vulnerability has been identified in Safari and related platforms. This issue allows malicious websites to potentially extract sensitive data from users, emphasizing the importance of secure input validation measures. Apple has released updates to address this vulnerability in Safari version 26.5.2, as well as in the latest releases of iOS, iPadOS, and macOS Tahoe. Users are encouraged to update their systems to enhance security and protect against unauthorized data access.

Affected Version(s)

iOS and iPadOS 0 < 26.5.2

macOS 0 < 26.5.2

Safari 0 < 26.5.2

References

https://support.apple.com/en-us/127594

https://support.apple.com/en-us/127595

https://support.apple.com/en-us/127685

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43708 Data

JSON