CVE-2026-39872 - Vulnerability Details

CVE-2026-39872 - Improper Memory Handling in Safari, iOS, and macOS Allows Malicious Web Content to Cause Process Crashes

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Ios And Ipados Macos Safari

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Apple	Ios And Ipados Macos Safari

References

Link	Providers
https://support.apple.com/en-us/127594
https://support.apple.com/en-us/127595
https://support.apple.com/en-us/127685

History

Tue, 30 Jun 2026 03:00:00 +0000

Type	Values Removed	Values Added
Title		Improper Memory Handling in Safari, iOS, and macOS Allows Malicious Web Content to Cause Process Crashes

Tue, 30 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ios And Ipados Apple macos Apple safari
Vendors & Products		Apple Apple ios And Ipados Apple macos Apple safari

Tue, 30 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Title	Safari, iOS, iPadOS, and macOS Crash from Malicious Web Content Due to Improper Memory Handling
Weaknesses	CWE-787

Mon, 29 Jun 2026 22:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 29 Jun 2026 21:45:00 +0000

Type	Values Removed	Values Added
Title		Safari, iOS, iPadOS, and macOS Crash from Malicious Web Content Due to Improper Memory Handling
Weaknesses		CWE-119 CWE-787

Mon, 29 Jun 2026 20:15:00 +0000

Type	Values Removed	Values Added
Description		The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References		https://support.apple.com/en-us/127594 https://support.apple.com/en-us/127595 https://support.apple.com/en-us/127685

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2026-06-29T19:43:09.579Z

Updated: 2026-06-29T21:46:17.113Z

Reserved: 2026-04-07T19:58:20.173Z

Link: CVE-2026-39872

Vulnrichment

Updated: 2026-06-29T21:46:13.180Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T02:45:05Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object