CVE-2026-20643 - Vulnerability Details

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://support.apple.com/en-us/126604

History

Tue, 17 Mar 2026 22:45:00 +0000

Type	Values Removed	Values Added
Description		A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy.
References		https://support.apple.com/en-us/126604

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2026-03-17T22:29:48.227Z

Updated: 2026-03-17T22:29:48.227Z

Reserved: 2025-11-11T14:43:07.862Z

Link: CVE-2026-20643

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-17T23:16:17.193

Modified: 2026-03-17T23:16:17.193

Link: CVE-2026-20643

Redhat

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object