PatchSiren cyber security CVE debrief
CVE-2026-20652 Apple CVE debrief
CVE-2026-20652 is a denial-of-service vulnerability in Apple Safari. The issue was addressed with improved memory handling. This vulnerability affects multiple Apple products, including Safari, iOS, iPadOS, macOS, and visionOS. A remote attacker may be able to cause a denial-of-service. The CVE was published on 2026-02-11 and modified on 2026-06-30.
- Vendor: Apple
- Product: Safari
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-11
- Original CVE updated: 2026-06-30
- Advisory published: 2026-02-11
- Advisory updated: 2026-06-30
Who should care
Organizations and individuals using Apple Safari, iOS, iPadOS, macOS, and visionOS should apply the patches to prevent potential denial-of-service attacks. This vulnerability has a CVSS score of 7.5 and is considered HIGH severity. Users of affected products should prioritize patching to mitigate the risk.
Technical summary
The vulnerability, CVE-2026-20652, is caused by improper memory handling in Apple Safari. This issue was fixed in various Apple products, including Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3. The vulnerability allows a remote attacker to potentially cause a denial-of-service. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Defensive priority
Patching is the primary recommended action for CVE-2026-20652. Apply the available patches for Safari, iOS, iPadOS, macOS, and visionOS to prevent potential exploitation.
Recommended defensive actions
- Apply patches for Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3.
- Ensure all affected Apple products are updated to the latest versions.
- Monitor network traffic and system logs for potential denial-of-service attacks.
- Implement additional security measures, such as network segmentation and access controls, to reduce the attack surface.
- Regularly review and update vulnerability management processes to ensure timely patching of known vulnerabilities.
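One way to triage a device inventory against the fixed releases listed above (an added example, not code from Apple or from the source advisory). The host names and inventory rows are constructed, and reporting any version branch the page does not list as "unknown" rather than guessing is an assumption of this sketch.

```python
# Fixed releases as listed in this debrief, keyed by product, then major branch.
FIXED = {
    "safari":   {26: (26, 3)},
    "ios":      {18: (18, 7, 5), 26: (26, 3)},
    "ipados":   {18: (18, 7, 5), 26: (26, 3)},
    "macos":    {26: (26, 3)},   # macOS Tahoe
    "visionos": {26: (26, 3)},
}

# Constructed sample inventory (host, product, version); not real devices.
INVENTORY = [
    ("laptop-01", "macos", "26.2"),
    ("laptop-04", "macos", "15.7"),
    ("phone-07", "ios", "18.7.5"),
    ("phone-09", "ios", "18.7.4"),
    ("tablet-02", "ipados", "26.3.1"),
    ("headset-1", "visionos", "26.3"),
]

def parse_version(text):
    """'18.7.5' -> (18, 7, 5); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def _pad(version, width):
    # Pad with zeros so that 26.3 and 26.3.0 compare as equal.
    return version + (0,) * (width - len(version))

def patch_status(product, version):
    """Return 'patched', 'needs-update' or 'unknown' for one install."""
    branches = FIXED.get(product.lower())
    if branches is None:
        return "unknown"
    try:
        have = parse_version(version)
    except ValueError:
        return "unknown"
    fixed = branches.get(have[0])
    if fixed is None:
        # Assumption: no fix is listed for this branch, so do not guess.
        return "unknown"
    width = max(len(have), len(fixed))
    return "patched" if _pad(have, width) >= _pad(fixed, width) else "needs-update"

def triage(inventory):
    """Map each host to its patch status for CVE-2026-20652."""
    return {host: patch_status(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host:10} {status}")
```

Hosts reported as "unknown" need a manual check against the vendor advisory, since the debrief names fixes only for the branches in the table.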
Evidence notes
The CVE-2026-20652 record was obtained from the official CVE database and the National Vulnerability Database (NVD). The information was last modified on 2026-06-30. Multiple references are provided, including vendor advisories and errata from Red Hat.
Official resources
- CVE-2026-20652 CVE record (CVE.org)
- CVE-2026-20652 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Release Notes, Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus and is intended for informational purposes only.