PT-2026-39845 · Apple · Watchos+6
Cantina
·
Published
2026-05-11
·
Updated
2026-05-16
·
CVE-2026-43660
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
iOS versions prior to 18.7.9
iOS versions prior to 26.5
iPadOS versions prior to 18.7.9
iPadOS versions prior to 26.5
macOS Tahoe versions prior to 26.5
tvOS versions prior to 26.5
visionOS versions prior to 26.5
watchOS versions prior to 26.5
Description
A validation issue exists where processing maliciously crafted web content may prevent the Content Security Policy (a security layer that helps detect and mitigate certain types of attacks, including Cross-Site Scripting and data injection) from being enforced.
Recommendations
Update iOS to version 18.7.9 or 26.5
Update iPadOS to version 18.7.9 or 26.5
Update macOS Tahoe to version 26.5
Update tvOS to version 26.5
Update visionOS to version 26.5
Update watchOS to version 26.5
Fix
Protection Mechanism Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apple Macos
Ios
Ipados
Macos Tahoe
Tvos
Visionos
Watchos