CVE-2026-20652
Published: March 20, 2026Last modified: April 27, 2026
Description
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Liberica JDK | 8 | jdk-full | Fixed (8u492+9) |
| jre-full | Fixed (8u492+9) | ||
| 11 | jdk-full | Fixed (11.0.31+11) | |
| jre-full | Fixed (11.0.31+11) | ||
| 17 | jdk-full | Fixed (17.0.19+11) | |
| jre-full | Fixed (17.0.19+11) | ||
| 21 | jdk-full | Fixed (21.0.11+11) | |
| jre-full | Fixed (21.0.11+11) | ||
| 25 | jdk-full | Fixed (25.0.3+11) | |
| jre-full | Fixed (25.0.3+11) | ||
| 26 | jdk-full | Fixed (26.0.1+10) | |
| jre-full | Fixed (26.0.1+10) |
References
- https://support.apple.com/en-us/126346
- https://support.apple.com/en-us/126347
- https://support.apple.com/en-us/126348
- https://support.apple.com/en-us/126353
- https://support.apple.com/en-us/126354