Apple WebKit Same Origin Policy Bypass Vulnerability
Vulnerability
A logic vulnerability in WebKit, the engine powering Safari, was addressed with improved state management. This issue allows a malicious website to access script message handlers meant for other origins, potentially leading to cross-origin information leakage. The vulnerability is present in WebKit components of Safari, iOS, iPadOS, macOS Tahoe, and visionOS, all in version 26.4.
Impact
Exploitation of this vulnerability could lead to cross-origin information leakage, allowing a malicious website to access sensitive data from another origin's script message handlers.
Added: Mar 25, 2026, 1:56 AM
Updated: Mar 25, 2026, 1:56 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 6.4
remediation: 0.0
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
