vulnerability

OS X update for WebKit (CVE-2026-20652)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Feb 16, 2026

Added

Feb 16, 2026

Modified

Apr 6, 2026

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.

Solution

apple-osx-upgrade-26_3

References

CVE-2026-20652
https://attackerkb.com/topics/CVE-2026-20652
CWE-400
EUVD-EUVD-2026-6705
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-6705
https://support.apple.com/en-us/126348

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report