CVE-2026-28861 | Apple Safari/iOS/iPadOS/macOS/visionOS up to 26.3 Script Message state issue

A vulnerability has been found in Apple Safari, iOS, iPadOS, macOS and visionOS up to 26.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Script Message Handler. This manipulation causes state issue.

This vulnerability is tracked as CVE-2026-28861. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More