Security Vulnerability Report
中文
CVE-2026-20665 CVSS 6.5 MEDIUM

CVE-2026-20665

Published: 2026-03-25 01:17:05
Last Modified: 2026-03-25 21:54:07
Source: [email protected]

Description

This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
Safari < 26.4
iOS < 18.7.7
iPadOS < 18.7.7
iOS < 26.4
iPadOS < 26.4
macOS Tahoe < 26.4
tvOS < 26.4
visionOS < 26.4
watchOS < 26.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- PoC for CVE-2026-20665: Conceptual CSP Bypass --> <!-- This PoC demonstrates a scenario where CSP might fail to block a script --> <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self';"> <title>CVE-2026-20665 PoC</title> </head> <body> <h1>CSP Bypass Test</h1> <!-- In a vulnerable version, the following might execute despite CSP --> <script> // Malicious payload that should be blocked by CSP console.log("CSP Bypassed: " + document.cookie); alert("Potential CSP bypass detected if alert appears."); </script> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-20665", "sourceIdentifier": "[email protected]", "published": "2026-03-25T01:17:05.050", "lastModified": "2026-03-25T21:54:07.070", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."}, {"lang": "es", "value": "Este problema se abordó mediante una gestión de estado mejorada. Este problema se solucionó en Safari 26.4, iOS 18.7.7 y iPadOS 18.7.7, iOS 26.4 y iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. El procesamiento de contenido web creado con fines maliciosos puede impedir que se aplique la Política de Seguridad de Contenido."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-693"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "993386B4-0570-414F-B4A6-3E65F5704903"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.7", "matchCriteriaId": "118313FD-8CF6-4412-B1A8-4BC3D5C2F519"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.4", "matchCriteriaId": "F201257D-2F7C-43AA-BD51-ED5EC98F99E0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.7", "matchCriteriaId": "684E10EB-D01A-4E80-8764-B48B554B0B5E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.4", "matchCriteriaId": "F7F08C35-7A60-4FEC-8D44-533902F43EDD"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "DCFD15D9-91CA-4342-9F7E-A219B459B755"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "A906E2B7-B83B-4AD0-B00F-BEDEF2EDB844"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "113B9705-BFF0-4357-B1AB-F57052F32361"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "F6EAF0A5-7CFF-4EF6-9BC7-DB25B213F753"}]}]}], "references": [{"url": "https://support.apple.com/en-us/126792", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126793", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126794", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126797", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126798", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126799", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126800", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.