CVEFinder.io

CVE-2026-28920

🔶 medium
🔍 Scan for this CVE
Summary

An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak sensitive data.

CVSS Score
6.5
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-11
First Seen: 2026-05-12
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 47.9% of all 321,845 vulnerabilities in our database.

#167,827
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 13, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE IDs (Weakness Types)
CWE-200

📦 Affected Products 10

Vendor Product Status Affected Versions
apple iphone_os Affected
< 18.7.9
apple iphone_os Affected
> 26.0 < 26.5
apple watchos Affected
< 26.5
apple tvos Affected
< 26.5
apple ipados Affected
< 18.7.9
apple ipados Affected
> 26.0 < 26.5
apple macos Affected
> 14.0 < 14.8.7
apple macos Affected
> 15.0 < 15.7.7
apple macos Affected
> 26.0 < 26.5
apple visionos Affected
< 26.5

🔗 References 8

https://support.apple.com/en-us/127110
Release Notes Vendor Advisory
https://support.apple.com/en-us/127111
Release Notes Vendor Advisory
https://support.apple.com/en-us/127115
Release Notes Vendor Advisory
https://support.apple.com/en-us/127116
Release Notes Vendor Advisory
https://support.apple.com/en-us/127117
Release Notes Vendor Advisory
https://support.apple.com/en-us/127118
Release Notes Vendor Advisory
https://support.apple.com/en-us/127119
Release Notes Vendor Advisory
https://support.apple.com/en-us/127120
Release Notes Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-28847 🔶 medium 6.5 0.0 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,... 2026-05-11
CVE-2026-28873 ⚠️ high 7.5 0.0 This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26... 2026-05-11
CVE-2026-28902 🔶 medium 6.5 0.0 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, mac... 2026-05-11
CVE-2026-28903 🔶 medium 6.5 0.0 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9,... 2026-05-11
CVE-2026-28907 ⚠️ high 8.1 0.1 The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9... 2026-05-11
CVE-2026-28936 ⚠️ high 7.5 0.1 The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 2... 2026-05-11
These CVEs affect the same products