CVE-2026-39868 – Apple iOS and iPadOS

CVSS 9.1 CRITICAL Critical or Zero Day – Immediate Deployment

“Protecting the kernel protects everything that runs on top of it.”

This update addresses three vulnerabilities affecting Apple iOS and iPadOS. CVE-2026-43724 has a CVSS score of 9.8, which is Critical severity, and could allow an application to write to kernel memory or cause an unexpected system termination. CVE-2026-39868 has a CVSS score of 9.1, which is Critical severity, and could allow an application to corrupt kernel memory or unexpectedly terminate the system. CVE-2026-43722 has a CVSS score of 5.5, which is Medium severity, and could allow an application to leak sensitive kernel state.

The update improves input validation and input sanitization to strengthen kernel protections, prevent memory corruption, and reduce the risk of system instability. These vulnerabilities are fixed in iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. There is no verified evidence of active real-world exploitation or a public proof-of-concept for any of these vulnerabilities.

Key Details

Affected Product
Apple Ipados
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-20
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.