CVE-2026-28907

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iPadOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5

Description Processing maliciously crafted web content may prevent Content Security Policy (a security layer that helps detect and mitigate certain types of attacks, including Cross-Site Scripting and data injection) from being enforced.

Recommendations Update to iOS 18.7.9 Update to iPadOS 18.7.9 Update to iOS 26.5 Update to iPadOS 26.5 Update to macOS Tahoe 26.5 Update to tvOS 26.5 Update to visionOS 26.5 Update to watchOS 26.5

Fix

DoS

Improper Encoding or Escaping of Output

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-116CWE-20

Related Identifiers

CVE-2026-28907

Affected Products

Apple Macos

Ios

Ipados

Macos Tahoe

Tvos

Visionos

Watchos

CVE-2026-28907

Weakness Enumeration

Related Identifiers

Affected Products

References · 11