CVE-2026-28857

CVE-2026-28857

• CWE-125 — CWE-125 Out-of-bounds Read
• CWE-787 — CWE-787 Out-of-bounds Write
• CWE-416 — CWE-416 Use After Free

• Apple / Safari — v=0 <26.4 [affected]
• Apple / iOS and iPadOS — v=0 <26.4 [affected]
• Apple / macOS — v=0 <26.4 [affected]
• Apple / visionOS — v=0 <26.4 [affected]

• (none)

• https://support.apple.com/en-us/126792
• https://support.apple.com/en-us/126794
• https://support.apple.com/en-us/126799
• https://support.apple.com/en-us/126800