CVE-2026-20643 – Apple WebKit – Memory Handling
“A browser engine weakness can quietly expose every page you load.”
Apple addressed a vulnerability in WebKit involving improper memory handling that could lead to unintended behavior during web content processing. The issue could potentially allow malicious web content to impact application stability or bypass certain security controls under specific conditions. The flaw affects iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2.
CVE-2026-20643 has a CVSS score of 5.4, which is Medium severity. While the vulnerability does not enable direct system compromise on its own, it affects a core component used across browsers and applications, increasing exposure to web-based attack vectors.
The patch improves memory validation and strengthens safeguards in WebKit to prevent misuse during content rendering. There is no confirmed real-world exploitation at this time.
Key Details
- Affected Product
- Apple Ipados
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-20