CVEFinder.io

CVE-2026-28907

⚠️ high
🔍 Scan for this CVE
Summary

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVSS Score
8.1
High
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-11
First Seen: 2026-05-12
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 77.6% of all 321,845 vulnerabilities in our database.

#72,072
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 13, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE IDs (Weakness Types)
CWE-20 CWE-116

📦 Affected Products 8

Vendor Product Status Affected Versions
apple iphone_os Affected
< 18.7.9
apple iphone_os Affected
> 26.0 < 26.5
apple watchos Affected
< 26.5
apple tvos Affected
< 26.5
apple ipados Affected
< 18.7.9
apple ipados Affected
> 26.0 < 26.5
apple macos Affected
> 26.0 < 26.5
apple visionos Affected
< 26.5

🔗 References 7

https://support.apple.com/en-us/127110
Release Notes Vendor Advisory
https://support.apple.com/en-us/127111
Release Notes Vendor Advisory
https://support.apple.com/en-us/127115
Release Notes Vendor Advisory
https://support.apple.com/en-us/127118
Release Notes Vendor Advisory
https://support.apple.com/en-us/127119
Release Notes Vendor Advisory
https://support.apple.com/en-us/127120
Release Notes Vendor Advisory
https://support.apple.com/en-us/127121
Release Notes Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-28847 🔶 medium 6.5 0.0 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,... 2026-05-11
CVE-2026-28873 ⚠️ high 7.5 0.0 This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26... 2026-05-11
CVE-2026-28902 🔶 medium 6.5 0.0 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, mac... 2026-05-11
CVE-2026-28903 🔶 medium 6.5 0.0 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,... 2026-05-11
CVE-2026-28920 🔶 medium 6.5 0.1 An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iO... 2026-05-11
CVE-2026-28936 ⚠️ high 7.5 0.1 The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 2... 2026-05-11
These CVEs affect the same products