Cross-Origin Data Exfiltration Vulnerability in Safari and iOS Products
CVE-2026-43735

Currently unrated

Key Information:

Vendor: Apple
Status: Safari; iOS And iPad OS; Mac OS
Vendor: CVE Published:; 29 June 2026

What is CVE-2026-43735?

A vulnerability has been identified in Safari and related Apple products that allows malicious websites to potentially exfiltrate sensitive data across different origins. The issue has been remediated with enhanced verification protocols in the latest versions, ensuring that requests made to external domains cannot access data associated with the user's browser session. Users are urged to update to the latest versions of affected products to maintain security and protect their data from potential exploitation.

Affected Version(s)

iOS and iPadOS 0 < 26.5.2

macOS 0 < 26.5.2

Safari 0 < 26.5.2

References

https://support.apple.com/en-us/127594

https://support.apple.com/en-us/127595

https://support.apple.com/en-us/127685

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43735 Data

JSON