CVE-2026-20643

5.4 MEDIUM

Published: March 17, 2026 Modified: March 19, 2026

Description

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://support.apple.com/en-us/126604

Source: product-security@apple.com

Release Notes Vendor Advisory

http://seclists.org/fulldisclosure/2026/Mar/10

Source: af854a3a-2127-422b-91ae-364da2661108

2 reference(s) from NVD

Quick Stats

CVSS v3 Score

5.4 / 10.0

EPSS (Exploit Probability)

0.0%

8th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-20 CWE-346

Affected Vendors

apple

Related CVEs

CVE-2026-4478 8.1

CVE-2026-4477 3.1

CVE-2026-4476 6.3

CVE-2026-4475 8.8

CVE-2026-4474 2.4