CVE-2026-20643
Description
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.021
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in macOS Tahoe 26.4 (Software Update) (Auto Reboot) | Mac |
| Vulnerabilities CVE-2026-20643 are fixed in macOS Tahoe 26.3.1-a (Software Update) (Auto Reboot) | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-614080 | macOS Tahoe 26.4 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-614017 | macOS Tahoe 26.3.1-a (Software Update) (Auto Reboot) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234