Cyber Resilience

CVE-2026-43705

High

Published: 29 June 2026

Modified: 30 June 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0027 (19.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-43705 is a high-severity Type Confusion (CWE-843) vulnerability in Apple Safari. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 19.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.

CWE(s)

CWE-843 (Type Confusion)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Type confusion in WebKit/Safari enables memory corruption via malicious web content, directly mapping to client-side exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24213 · Same product: Apple iPadOS
CVE-2023-23529 · Same product: Apple iPadOS
CVE-2025-24137 · Same product: Apple iPadOS
CVE-2024-23222 · Same product: Apple iPadOS
CVE-2022-42856 · Same product: Apple iPadOS
CVE-2026-20644 · Same product: Apple iPadOS
CVE-2023-43010 · Same product: Apple iPadOS
CVE-2025-43300 · Same product: Apple iPadOS
CVE-2023-41060 · Same product: Apple iPadOS
CVE-2025-24150 · Same product: Apple iPadOS

Affected Assets

Vendor · Product · Affected versions
apple · safari · ≤ 26.5.2
apple · ipados · ≤ 26.5.2
apple · iphone os · ≤ 26.5.2
apple · macos · ≤ 26.5.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
