CVE-2026-28903 - Vulnerability Details

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Ios And Ipados Macos Tvos Visionos Watchos

No data.

References

Link	Providers
https://support.apple.com/en-us/127110
https://support.apple.com/en-us/127111
https://support.apple.com/en-us/127115
https://support.apple.com/en-us/127118
https://support.apple.com/en-us/127119
https://support.apple.com/en-us/127120
https://support.apple.com/en-us/127121

History

Wed, 13 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Title		Memory Handling Flaw Causes Unexpected Process Crash via Malicious Web Content
References		https://support.apple.com/en-us/127121

Wed, 13 May 2026 18:45:00 +0000

Type	Values Removed	Values Added
Title	Malicious Web Content Processing Crash in Apple OS
Weaknesses	CWE-416

Wed, 13 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 11 May 2026 22:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ios And Ipados Apple macos Apple tvos Apple visionos Apple watchos
Vendors & Products		Apple Apple ios And Ipados Apple macos Apple tvos Apple visionos Apple watchos

Mon, 11 May 2026 22:00:00 +0000

Type	Values Removed	Values Added
Title		Malicious Web Content Processing Crash in Apple OS
Weaknesses		CWE-416

Mon, 11 May 2026 20:45:00 +0000

Type	Values Removed	Values Added
Description		The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
References		https://support.apple.com/en-us/127110 https://support.apple.com/en-us/127111 https://support.apple.com/en-us/127115 https://support.apple.com/en-us/127118 https://support.apple.com/en-us/127119 https://support.apple.com/en-us/127120

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2026-05-11T20:07:44.866Z

Updated: 2026-05-13T19:58:45.369Z

Reserved: 2026-03-03T16:36:03.983Z

Link: CVE-2026-28903

Vulnrichment

Updated: 2026-05-13T14:00:08.285Z

NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:18:53.113

Modified: 2026-05-13T21:16:42.400

Link: CVE-2026-28903

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object