Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Safari: Malicious websites can disable security settings
CVE-2026-20665
Summary
Malicious websites could potentially bypass Safari's security features, allowing them to act in unintended ways. This issue has been fixed in the latest versions of Safari and other Apple operating systems. To stay protected, make sure your devices are running the latest software.
Original title
This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, w...
Original description
This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Published: 25 Mar 2026 · Updated: 25 Mar 2026 · First seen: 25 Mar 2026