cvedb.io
CVE-2026-28907
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2026-05-11T21:18:53.503 · Last modified 2026-06-17T10:29:19.443

Summary

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Affected products

apple — ipados

Does this affect you?

Add your gear to cvedb and we'll alert you only when apple ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.