CVE-2026-20608

EPSS 0.02%
Veröffentlicht 11.02.2026 22:58:59
Zuletzt bearbeitet 02.04.2026 19:21:09
Quelle product-security@apple.com
CVE-Watchlists
Login
Unerledigt
Login

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 7 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ Safari Version < 26.3

Apple ≫ iPadOS Version < 18.7.5

Apple ≫ iPadOS Version >= 26.0 < 26.3

Apple ≫ iPhone OS Version < 18.7.5

Apple ≫ iPhone OS Version >= 26.0 < 26.3

Apple ≫ macOS Version < 26.3

Apple ≫ visionOS Version < 26.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.064

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://support.apple.com/en-us/126347

Vendor Advisory

Release Notes

https://support.apple.com/en-us/126348

Vendor Advisory

Release Notes

https://support.apple.com/en-us/126346

Vendor Advisory

Release Notes

https://support.apple.com/en-us/126354

Vendor Advisory

Release Notes