A vulnerability marked as problematic has been reported in Apple Safari, iOS, iPadOS and macOS up to 26.5.1. Affected by this issue is some unknown functionality of the component Website Handler. This manipulation causes permissive cross-domain policy with untrusted domains.
The identification of this vulnerability is CVE-2026-43735. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.