CVE-2026-20643 - Vulnerability Analysis
N/aLast Updated: March 17, 2026
Apple iOS Navigation API - CORS Misconfiguration
Overview
Apple iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1 and 26.3.2 contain a cross-origin issue caused by insufficient input validation in the Navigation API, letting attackers bypass Same Origin Policy via crafted web content, exploit requires victim to process malicious content.
Severity & Score
Impact
Attackers can bypass Same Origin Policy, potentially leading to unauthorized data access across origins.
Mitigation
Update to iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1 or later.
References
Social Media Activity(3 posts)
Apple pushes first Background Security Improvements update to fix WebKit flaw Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs... 🔗️ [Bleepingcomputer] https://link.is.it/9V9yPV
View original post
iPhone/iPad/Macに脆弱性、Appleが「バックグラウンドセキュリティ改善」を実施/クロスオリジン問題「CVE-2026-20643」を解決 https://forest.watch.impress.co.jp/docs/news/2094087.html #forest_watch_impress #Apple #iOS #iPadOS #セキュリティ #脆弱性 #システム_ファイル #システム
View original post
Apple pushes first Background Security Improvements update to fix WebKit flaw Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs... 🔗️ [Bleepingcomputer] https://link.is.it/9V9yPV
View original postGitHub Repositories(1 repo)
Related Resources
Details
- CVE ID
- CVE-2026-20643
- Severity
- N/a
- Type
- cors_misconfiguration
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 3
CVSS Metrics
N/A