{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20643", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-11-11T14:43:07.862Z", "datePublished": "2026-03-17T22:29:48.227Z", "dateUpdated": "2026-03-17T22:29:48.227Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing maliciously crafted web content may bypass Same Origin Policy"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.3.2 (a)", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.3.1 (a)", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.3.1 (a)", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "26.3.1 (a)", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy."}], "references": [{"url": "https://support.apple.com/en-us/126604"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-17T22:29:48.227Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy."}], "id": "CVE-2026-20643", "lastModified": "2026-03-17T23:16:17.193", "metrics": {}, "published": "2026-03-17T23:16:17.193", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126604"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Received"}

{}

{}