Vulnerability-Lookup

CVE-2026-28859 (GCVE-0-2026-28859)

Vulnerability from cvelistv5 – Published: 2026-03-25 00:32 – Updated: 2026-04-02 18:19

Summary

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE

A malicious website may be able to process restricted web content outside the sandbox

Assigner

apple

References

6 references

URL	Tags
https://support.apple.com/en-us/126792
https://support.apple.com/en-us/126794
https://support.apple.com/en-us/126797
https://support.apple.com/en-us/126798
https://support.apple.com/en-us/126799
https://support.apple.com/en-us/126800

Impacted products

6 products

Vendor	Product	Version
Apple	Safari	Affected: 0 , < 26.4 (custom)
Apple	iOS and iPadOS	Affected: 0 , < 26.4 (custom)
Apple	macOS	Affected: 0 , < 26.4 (custom)
Apple	tvOS	Affected: 0 , < 26.4 (custom)
Apple	visionOS	Affected: 0 , < 26.4 (custom)
Apple	watchOS	Affected: 0 , < 26.4 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-28859",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T19:29:45.173180Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T19:29:48.410Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A malicious website may be able to process restricted web content outside the sandbox",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:19:42.954Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/126792"
        },
        {
          "url": "https://support.apple.com/en-us/126794"
        },
        {
          "url": "https://support.apple.com/en-us/126797"
        },
        {
          "url": "https://support.apple.com/en-us/126798"
        },
        {
          "url": "https://support.apple.com/en-us/126799"
        },
        {
          "url": "https://support.apple.com/en-us/126800"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2026-28859",
    "datePublished": "2026-03-25T00:32:24.848Z",
    "dateReserved": "2026-03-03T16:36:03.972Z",
    "dateUpdated": "2026-04-02T18:19:42.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-28859",
      "date": "2026-05-27",
      "epss": "0.00043",
      "percentile": "0.13333"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-28859\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2026-03-25T01:17:10.023\",\"lastModified\":\"2026-03-25T21:54:26.793\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-416\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.4\",\"matchCriteriaId\":\"993386B4-0570-414F-B4A6-3E65F5704903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.4\",\"matchCriteriaId\":\"F813DB63-2B55-4E0B-9073-5465C65F69D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.4\",\"matchCriteriaId\":\"01612D13-BE5B-43F8-B53E-5BF57F2A5B0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.4\",\"matchCriteriaId\":\"DCFD15D9-91CA-4342-9F7E-A219B459B755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.4\",\"matchCriteriaId\":\"A906E2B7-B83B-4AD0-B00F-BEDEF2EDB844\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.4\",\"matchCriteriaId\":\"113B9705-BFF0-4357-B1AB-F57052F32361\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.4\",\"matchCriteriaId\":\"F6EAF0A5-7CFF-4EF6-9BC7-DB25B213F753\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/126792\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126794\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126797\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126798\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126799\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126800\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-28859\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-25T19:29:45.173180Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-25T19:29:26.282Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"visionOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.4\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/126792\"}, {\"url\": \"https://support.apple.com/en-us/126794\"}, {\"url\": \"https://support.apple.com/en-us/126797\"}, {\"url\": \"https://support.apple.com/en-us/126798\"}, {\"url\": \"https://support.apple.com/en-us/126799\"}, {\"url\": \"https://support.apple.com/en-us/126800\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"A malicious website may be able to process restricted web content outside the sandbox\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2026-03-25T00:32:24.848Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-28859\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-25T19:29:48.410Z\", \"dateReserved\": \"2026-03-03T16:36:03.972Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2026-03-25T00:32:24.848Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

alsa-2026:10702

Vulnerability from osv_almalinux

Published

2026-04-27 00:00

Modified

2026-04-28 13:23

Summary

Important: webkit2gtk3 security update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:10702	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-43213	REPORT
	https://access.redhat.com/security/cve/CVE-2025-43214	REPORT
	https://access.redhat.com/security/cve/CVE-2025-43457	REPORT
	https://access.redhat.com/security/cve/CVE-2025-43511	REPORT
	https://access.redhat.com/security/cve/CVE-2025-46299	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20608	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20635	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20636	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20643	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20644	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20652	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20664	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20665	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20676	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20691	REPORT
	https://access.redhat.com/security/cve/CVE-2026-28857	REPORT
	https://access.redhat.com/security/cve/CVE-2026-28859	REPORT
	https://access.redhat.com/security/cve/CVE-2026-28871	REPORT
	https://bugzilla.redhat.com/2448781	REPORT
	https://bugzilla.redhat.com/2448782	REPORT
	https://bugzilla.redhat.com/2448786	REPORT
	https://bugzilla.redhat.com/2448787	REPORT
	https://bugzilla.redhat.com/2448788	REPORT
	https://bugzilla.redhat.com/2448789	REPORT
	https://bugzilla.redhat.com/2448790	REPORT
	https://bugzilla.redhat.com/2448791	REPORT
	https://bugzilla.redhat.com/2448792	REPORT
	https://bugzilla.redhat.com/2448793	REPORT
	https://bugzilla.redhat.com/2448794	REPORT
	https://bugzilla.redhat.com/2453000	REPORT
	https://bugzilla.redhat.com/2453001	REPORT
	https://bugzilla.redhat.com/2453002	REPORT
	https://bugzilla.redhat.com/2453003	REPORT
	https://bugzilla.redhat.com/2453004	REPORT
	https://bugzilla.redhat.com/2453006	REPORT
	https://bugzilla.redhat.com/2453008	REPORT
	https://errata.almalinux.org/8/ALSA-2026-10702.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  \n\nSecurity Fix(es):  \n\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n  * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n  * webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n  * webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n  * webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n  * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n  * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n  * webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n  * webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:10702",
  "modified": "2026-04-28T13:23:05Z",
  "published": "2026-04-27T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:10702"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43213"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43214"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43457"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43511"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-46299"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20608"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20635"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20636"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20643"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20644"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20652"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20664"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20665"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20676"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20691"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-28857"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-28859"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-28871"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448781"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448782"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448786"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448787"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448788"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448789"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448790"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448791"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448792"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448794"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453000"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453001"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453002"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453003"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453004"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453006"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453008"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2026-10702.html"
    }
  ],
  "related": [
    "CVE-2025-43213",
    "CVE-2025-43214",
    "CVE-2025-43457",
    "CVE-2025-43511",
    "CVE-2025-46299",
    "CVE-2026-20608",
    "CVE-2026-20635",
    "CVE-2026-20636",
    "CVE-2026-20644",
    "CVE-2026-20652",
    "CVE-2026-20676",
    "CVE-2026-20643",
    "CVE-2026-20664",
    "CVE-2026-20665",
    "CVE-2026-20691",
    "CVE-2026-28857",
    "CVE-2026-28859",
    "CVE-2026-28871"
  ],
  "summary": "Important: webkit2gtk3 security update"
}

alsa-2026:19206

Vulnerability from osv_almalinux

Published

2026-05-19 00:00

Modified

2026-05-26 12:32

Summary

Important: webkit2gtk3 security update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:19206	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-43213	REPORT
	https://access.redhat.com/security/cve/CVE-2025-43214	REPORT
	https://access.redhat.com/security/cve/CVE-2025-43457	REPORT
	https://access.redhat.com/security/cve/CVE-2025-43511	REPORT
	https://access.redhat.com/security/cve/CVE-2025-46299	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20608	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20635	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20636	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20643	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20644	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20652	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20664	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20665	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20676	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20691	REPORT
	https://access.redhat.com/security/cve/CVE-2026-28857	REPORT
	https://access.redhat.com/security/cve/CVE-2026-28859	REPORT
	https://access.redhat.com/security/cve/CVE-2026-28871	REPORT
	https://bugzilla.redhat.com/2448781	REPORT
	https://bugzilla.redhat.com/2448782	REPORT
	https://bugzilla.redhat.com/2448786	REPORT
	https://bugzilla.redhat.com/2448787	REPORT
	https://bugzilla.redhat.com/2448788	REPORT
	https://bugzilla.redhat.com/2448789	REPORT
	https://bugzilla.redhat.com/2448790	REPORT
	https://bugzilla.redhat.com/2448791	REPORT
	https://bugzilla.redhat.com/2448792	REPORT
	https://bugzilla.redhat.com/2448793	REPORT
	https://bugzilla.redhat.com/2448794	REPORT
	https://bugzilla.redhat.com/2453000	REPORT
	https://bugzilla.redhat.com/2453001	REPORT
	https://bugzilla.redhat.com/2453002	REPORT
	https://bugzilla.redhat.com/2453003	REPORT
	https://bugzilla.redhat.com/2453004	REPORT
	https://bugzilla.redhat.com/2453006	REPORT
	https://bugzilla.redhat.com/2453008	REPORT
	https://errata.almalinux.org/9/ALSA-2026-19206.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-1.el9_8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-1.el9_8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-1.el9_8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-1.el9_8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  \n\nSecurity Fix(es):  \n\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n  * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n  * webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n  * webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n  * webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n  * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n  * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n  * webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n  * webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:19206",
  "modified": "2026-05-26T12:32:37Z",
  "published": "2026-05-19T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19206"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43213"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43214"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43457"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43511"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-46299"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20608"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20635"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20636"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20643"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20644"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20652"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20664"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20665"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20676"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20691"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-28857"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-28859"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-28871"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448781"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448782"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448786"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448787"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448788"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448789"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448790"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448791"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448792"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448794"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453000"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453001"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453002"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453003"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453004"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453006"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453008"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2026-19206.html"
    }
  ],
  "related": [
    "CVE-2025-43213",
    "CVE-2025-43214",
    "CVE-2025-43457",
    "CVE-2025-43511",
    "CVE-2025-46299",
    "CVE-2026-20608",
    "CVE-2026-20635",
    "CVE-2026-20636",
    "CVE-2026-20644",
    "CVE-2026-20652",
    "CVE-2026-20676",
    "CVE-2026-20643",
    "CVE-2026-20664",
    "CVE-2026-20665",
    "CVE-2026-20691",
    "CVE-2026-28857",
    "CVE-2026-28859",
    "CVE-2026-28871"
  ],
  "summary": "Important: webkit2gtk3 security update"
}

alsa-2026:9692

Vulnerability from osv_almalinux

Published

2026-04-22 00:00

Modified

2026-04-24 10:02

Summary

Important: webkit2gtk3 security update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:9692	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-43213	REPORT
	https://access.redhat.com/security/cve/CVE-2025-43214	REPORT
	https://access.redhat.com/security/cve/CVE-2025-43457	REPORT
	https://access.redhat.com/security/cve/CVE-2025-43511	REPORT
	https://access.redhat.com/security/cve/CVE-2025-46299	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20608	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20635	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20636	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20643	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20644	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20652	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20664	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20665	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20676	REPORT
	https://access.redhat.com/security/cve/CVE-2026-20691	REPORT
	https://access.redhat.com/security/cve/CVE-2026-28857	REPORT
	https://access.redhat.com/security/cve/CVE-2026-28859	REPORT
	https://access.redhat.com/security/cve/CVE-2026-28871	REPORT
	https://bugzilla.redhat.com/2448781	REPORT
	https://bugzilla.redhat.com/2448782	REPORT
	https://bugzilla.redhat.com/2448786	REPORT
	https://bugzilla.redhat.com/2448787	REPORT
	https://bugzilla.redhat.com/2448788	REPORT
	https://bugzilla.redhat.com/2448789	REPORT
	https://bugzilla.redhat.com/2448790	REPORT
	https://bugzilla.redhat.com/2448791	REPORT
	https://bugzilla.redhat.com/2448792	REPORT
	https://bugzilla.redhat.com/2448793	REPORT
	https://bugzilla.redhat.com/2448794	REPORT
	https://bugzilla.redhat.com/2453000	REPORT
	https://bugzilla.redhat.com/2453001	REPORT
	https://bugzilla.redhat.com/2453002	REPORT
	https://bugzilla.redhat.com/2453003	REPORT
	https://bugzilla.redhat.com/2453004	REPORT
	https://bugzilla.redhat.com/2453006	REPORT
	https://bugzilla.redhat.com/2453008	REPORT
	https://errata.almalinux.org/9/ALSA-2026-9692.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-0.el9_7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-0.el9_7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-0.el9_7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.52.3-0.el9_7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  \n\nSecurity Fix(es):  \n\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n  * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n  * webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n  * webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n  * webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n  * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n  * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n  * webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n  * webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:9692",
  "modified": "2026-04-24T10:02:57Z",
  "published": "2026-04-22T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:9692"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43213"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43214"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43457"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43511"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-46299"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20608"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20635"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20636"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20643"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20644"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20652"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20664"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20665"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20676"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-20691"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-28857"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-28859"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-28871"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448781"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448782"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448786"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448787"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448788"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448789"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448790"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448791"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448792"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448794"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453000"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453001"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453002"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453003"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453004"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453006"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453008"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2026-9692.html"
    }
  ],
  "related": [
    "CVE-2025-43213",
    "CVE-2025-43214",
    "CVE-2025-43457",
    "CVE-2025-43511",
    "CVE-2025-46299",
    "CVE-2026-20608",
    "CVE-2026-20635",
    "CVE-2026-20636",
    "CVE-2026-20644",
    "CVE-2026-20652",
    "CVE-2026-20676",
    "CVE-2026-20643",
    "CVE-2026-20664",
    "CVE-2026-20665",
    "CVE-2026-20691",
    "CVE-2026-28857",
    "CVE-2026-28859",
    "CVE-2026-28871"
  ],
  "summary": "Important: webkit2gtk3 security update"
}

CERTFR-2026-AVI-0355

Vulnerability from certfr_avis - Published: 2026-03-25 - Updated: 2026-03-25

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Apple	iOS	iOS versions antérieures à 26.4
Apple	iPadOS	iPadOS versions antérieures à 26.4
Apple	iPadOS	iPadOS versions antérieures à 18.7.7
Apple	Xcode	Xcode versions antérieures à 26.4
Apple	visionOS	visionOS versions antérieures à 26.4
Apple	watchOS	watchOS versions antérieures à 26.4
Apple	macOS	macOS Tahoe versions antérieures à 26.4
Apple	macOS	macOS Sonoma versions antérieures à 14.8.5
Apple	Safari	Safari versions antérieures à 26.4
Apple	macOS	macOS Sequoia versions antérieures à 15.7.5
Apple	tvOS	tvOS versions antérieures à 26.4
Apple	iOS	iOS versions antérieures à 18.7.7

References

Title

Publication Time

CNVD-2026-17912

Vulnerability from cnvd - Published: 2026-04-21

Title

多款Apple产品存在未明漏洞（CNVD-2026-17912）

Description

Apple Safari是一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器。Apple iOS是一套为移动设备所开发的操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。多款Apple产品存在安全漏洞。攻击者可利用该漏洞可能导致恶意网站在沙箱外处理受限Web内容。

Severity

中

Patch Name

多款Apple产品存在未明漏洞（CNVD-2026-17912）的补丁

Patch Description

Apple Safari是一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器。Apple iOS是一套为移动设备所开发的操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。多款Apple产品存在安全漏洞。攻击者可利用该漏洞可能导致恶意网站在沙箱外处理受限Web内容。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/en-us/126792

Reference

https://support.apple.com/en-us/126792

Impacted products

Name
['Apple iPadOS <26.4', 'Apple macOS Tahoe <26.4', 'Apple Safari <26.4', 'Apple iOS <26.4', 'Apple tvOS <26.4', 'Apple visionOS <26.4', 'Apple watchOS <26.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-28859",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859"
    }
  },
  "description": "Apple Safari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u6076\u610f\u7f51\u7ad9\u5728\u6c99\u7bb1\u5916\u5904\u7406\u53d7\u9650Web\u5185\u5bb9\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/en-us/126792",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-17912",
  "openTime": "2026-04-21",
  "patchDescription": "Apple Safari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u6076\u610f\u7f51\u7ad9\u5728\u6c99\u7bb1\u5916\u5904\u7406\u53d7\u9650Web\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2026-17912\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple iPadOS \u003c26.4",
      "Apple macOS Tahoe \u003c26.4",
      "Apple Safari \u003c26.4",
      "Apple iOS \u003c26.4",
      "Apple tvOS \u003c26.4",
      "Apple visionOS \u003c26.4",
      "Apple watchOS \u003c26.4"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/126792",
  "serverity": "\u4e2d",
  "submitTime": "2026-03-31",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2026-17912\uff09"
}

FKIE_CVE-2026-28859

Vulnerability from fkie_nvd - Published: 2026-03-25 01:17 - Updated: 2026-03-25 21:54

Severity

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/126792	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/126794	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/126797	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/126798	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/126799	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/126800	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	safari	*
apple	ipados	*
apple	iphone_os	*
apple	macos	*
apple	tvos	*
apple	visionos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "993386B4-0570-414F-B4A6-3E65F5704903",
              "versionEndExcluding": "26.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F813DB63-2B55-4E0B-9073-5465C65F69D6",
              "versionEndExcluding": "26.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01612D13-BE5B-43F8-B53E-5BF57F2A5B0C",
              "versionEndExcluding": "26.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCFD15D9-91CA-4342-9F7E-A219B459B755",
              "versionEndExcluding": "26.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A906E2B7-B83B-4AD0-B00F-BEDEF2EDB844",
              "versionEndExcluding": "26.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "113B9705-BFF0-4357-B1AB-F57052F32361",
              "versionEndExcluding": "26.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6EAF0A5-7CFF-4EF6-9BC7-DB25B213F753",
              "versionEndExcluding": "26.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox."
    },
    {
      "lang": "es",
      "value": "El problema se abord\u00f3 con una gesti\u00f3n de memoria mejorada. Este problema est\u00e1 solucionado en Safari 26.4, iOS 26.4 y iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Un sitio web malicioso podr\u00eda procesar contenido web restringido fuera de la sandbox."
    }
  ],
  "id": "CVE-2026-28859",
  "lastModified": "2026-03-25T21:54:26.793",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-25T01:17:10.023",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/126792"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/126794"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/126797"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/126798"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/126799"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/126800"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-416"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-Q74V-RXG6-M2W6

Vulnerability from github – Published: 2026-03-25 03:31 – Updated: 2026-03-25 21:30

Details

Severity

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-28859"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T01:17:10Z",
    "severity": "MODERATE"
  },
  "details": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.",
  "id": "GHSA-q74v-rxg6-m2w6",
  "modified": "2026-03-25T21:30:30Z",
  "published": "2026-03-25T03:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126792"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126794"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126797"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126798"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126799"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126800"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

NCSC-2026-0101

Vulnerability from csaf_ncscnl - Published: 2026-03-25 14:02 - Updated: 2026-03-25 14:02

Summary

Kwetsbaarheden verholpen in Apple iOS en iPadOS

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Apple heeft meerdere kwetsbaarheden verholpen in iOS en iPadOS.

Interpretaties: De kwetsbaarheden omvatten verschillende problemen zoals onjuist padbeheer, geheugenbeheer, en onvoldoende validatie van invoer, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte applicatie-terminaties, en andere beveiligingsrisico's. Aanvallers kunnen deze kwetsbaarheden misbruiken door bijvoorbeeld kwaadaardige webinhoud te verwerken of door gebruik te maken van onvoldoende beveiligde applicaties. De kwetsbaarheden zijn opgelost door verbeterde validatie- en beveiligingsmechanismen in de betrokken besturingssystemen.

Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-122: Heap-based Buffer Overflow

CWE-125: Out-of-bounds Read

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-275: Permission Issues

CWE-287: Improper Authentication

CWE-371: State Issues

CWE-404: Improper Resource Shutdown or Release

CWE-416: Use After Free

CWE-476: NULL Pointer Dereference

CWE-522: Insufficiently Protected Credentials

CWE-532: Insertion of Sensitive Information into Log File

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2025-14524

A vulnerability in libcurl versions 7.33.0 to 8.17.0 causes OAuth2 bearer tokens to be unintentionally leaked during cross-protocol redirects involving IMAP, LDAP, POP3, or SMTP schemes, potentially exposing sensitive information.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-522 - Insufficiently Protected Credentials

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-43376

A logic issue affecting state management in multiple Apple OS versions was fixed to prevent remote attackers from viewing leaked DNS queries when Private Relay is enabled.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-43534

An improved validation fixed a path handling vulnerability in iOS 18.7.7, iPadOS 18.7.7, iOS 26.2, and iPadOS 26.2 that could allow a user with physical access to bypass Activation Lock.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-64505

Multiple vulnerabilities in libpng, including heap buffer overflows and over-reads in functions like png_do_quantize, affect various products including NetApp and Apple software, alongside a separate Oracle MySQL Workbench flaw allowing unauthorized data modification or denial of service.

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20657

Improved memory handling in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5 fixed an issue where parsing a maliciously crafted file could cause unexpected app termination.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20665

Apple fixed a vulnerability in multiple operating systems and Safari versions 26.4 and iOS/iPadOS 18.7.7 where malicious web content could bypass Content Security Policy enforcement due to improper state management.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20668

A logging issue affecting iOS, iPadOS, macOS, and visionOS was fixed by enhancing data redaction to prevent apps from accessing sensitive user information.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20687

A use after free vulnerability in multiple Apple operating systems was fixed by improving memory management to prevent apps from causing unexpected system termination or writing to kernel memory.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20688

A path handling vulnerability allowing applications to potentially escape their sandbox was fixed through improved validation in iOS 26.4, iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, and visionOS 26.4.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20690

An out-of-bounds access vulnerability in Apple operating systems was fixed by improving bounds checking to prevent process termination caused by maliciously crafted audio streams.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20691

An authorization vulnerability in Safari 26.4 and related OS versions was resolved by enhancing state management to prevent malicious webpages from fingerprinting users.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20692

A privacy issue affecting user preferences for mail content handling, specifically the 'Hide IP Address' and 'Block All Remote Content' features, was fixed in iOS 26.4, iPadOS 26.4, and various macOS versions.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20698

A memory handling vulnerability in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4 could allow an app to cause unexpected system termination or kernel memory corruption, which was resolved through improved memory management.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28822

A type confusion vulnerability related to memory handling in multiple Apple operating systems could allow an attacker to cause unexpected application termination.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28833

A permissions issue allowing apps to enumerate a user’s installed applications was fixed by implementing additional restrictions in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28852

A stack overflow vulnerability allowing denial-of-service was fixed by improving input validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28856

An authentication vulnerability allowing physical attackers to access sensitive user information on locked devices was fixed in iOS 26.4, iPadOS 26.4, visionOS 26.4, and watchOS 26.4.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28857

Improved memory handling in Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4 fixed an issue where processing maliciously crafted web content could cause unexpected process crashes.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28858

A buffer overflow vulnerability in iOS 26.4 and iPadOS 26.4 was fixed by improved bounds checking to prevent remote system termination or kernel memory corruption.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28859

A memory handling vulnerability in Safari 26.4 and related OS versions was fixed, preventing malicious websites from processing restricted web content outside the sandbox environment.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28861

A logic issue in state management was fixed across multiple Apple operating systems to prevent malicious websites from accessing script message handlers intended for other origins.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28863

A permissions issue allowing apps to fingerprint users was fixed by adding restrictions in iOS 26.4, iPadOS 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28864

Apple addressed a vulnerability in iOS, iPadOS, macOS, visionOS, and watchOS by enhancing permissions checks to prevent local attackers from accessing users' Keychain items.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28865

An authentication vulnerability in multiple Apple operating systems was addressed by improving state management to prevent attackers in privileged network positions from intercepting network traffic.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28866

Multiple Apple operating systems including iOS 18.7.7, iPadOS 18.7.7, iOS 26.4, iPadOS 26.4, and various macOS versions addressed a vulnerability where improper symlink validation allowed apps to access sensitive user data.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28867

A vulnerability allowing apps to potentially leak sensitive kernel state was fixed through improved authentication in multiple Apple operating systems including iOS 18.7.7, iPadOS 18.7.7, and macOS Sequoia 15.7.5.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28868

A logging issue in multiple Apple operating systems including iOS, iPadOS, macOS, visionOS, and watchOS was fixed by improving data redaction to prevent apps from disclosing kernel memory.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28870

An information leakage vulnerability allowing unauthorized access to sensitive user data was fixed through additional validation in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28871

A logic issue in Safari, iOS, iPadOS, and macOS was fixed through improved checks to prevent cross-site scripting attacks from malicious websites.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28874

iOS 26.4 and iPadOS 26.4 addressed an issue where improved validation checks prevent remote attackers from causing unexpected app termination.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28875

A buffer overflow vulnerability in iOS 26.4 and iPadOS 26.4 was fixed by implementing improved bounds checking to prevent remote denial-of-service attacks.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28876

A parsing issue in directory path handling was fixed by improving path validation across multiple OS versions to prevent unauthorized app access to sensitive user data.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28877

An authorization vulnerability allowing apps to potentially access sensitive user data was resolved by enhancing state management in iOS 26.4, iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28878

Apple addressed a privacy vulnerability that allowed apps to enumerate installed applications by removing sensitive data in updates to iOS 18.7.7, iPadOS 18.7.7, macOS Sonoma 14.8.5, and other operating systems.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28879

A use-after-free vulnerability causing potential process crashes when handling malicious web content was fixed through improved memory management in multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28880

Multiple Apple operating systems including iOS, iPadOS, macOS, and visionOS addressed a permissions issue by implementing additional restrictions to prevent apps from enumerating a user’s installed applications.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28882

An issue allowing apps to enumerate a user's installed applications was resolved through enhanced verification mechanisms in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28886

A null pointer dereference vulnerability allowing a privileged network user to cause denial-of-service was fixed via improved input validation in multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28894

A denial-of-service vulnerability in iOS 26.4, iPadOS 26.4, and multiple macOS versions was addressed by improved input validation to prevent remote attackers from causing service disruptions.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-28895

iOS and iPadOS 16.4 fixed a vulnerability allowing attackers with physical access to bypass biometrics-gated Protected Apps by using the passcode on devices with Stolen Device Protection enabled through improved verification checks.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

References

42 references

URL	Category
https://support.apple.com/en-us/126792	external
https://support.apple.com/en-us/126793	external
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Apple heeft meerdere kwetsbaarheden verholpen in iOS en iPadOS.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten verschillende problemen zoals onjuist padbeheer, geheugenbeheer, en onvoldoende validatie van invoer, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte applicatie-terminaties, en andere beveiligingsrisico\u0027s. Aanvallers kunnen deze kwetsbaarheden misbruiken door bijvoorbeeld kwaadaardige webinhoud te verwerken of door gebruik te maken van onvoldoende beveiligde applicaties. De kwetsbaarheden zijn opgelost door verbeterde validatie- en beveiligingsmechanismen in de betrokken besturingssystemen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Permission Issues",
        "title": "CWE-275"
      },
      {
        "category": "general",
        "text": "Improper Authentication",
        "title": "CWE-287"
      },
      {
        "category": "general",
        "text": "State Issues",
        "title": "CWE-371"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Insufficiently Protected Credentials",
        "title": "CWE-522"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information into Log File",
        "title": "CWE-532"
      },
      {
        "category": "general",
        "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
        "title": "CWE-601"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126792"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126793"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
    "tracking": {
      "current_release_date": "2026-03-25T14:02:07.392994Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0101",
      "initial_release_date": "2026-03-25T14:02:07.392994Z",
      "revision_history": [
        {
          "date": "2026-03-25T14:02:07.392994Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "iOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "iPadOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14524",
      "cwe": {
        "id": "CWE-522",
        "name": "Insufficiently Protected Credentials"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficiently Protected Credentials",
          "title": "CWE-522"
        },
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        },
        {
          "category": "description",
          "text": "A vulnerability in libcurl versions 7.33.0 to 8.17.0 causes OAuth2 bearer tokens to be unintentionally leaked during cross-protocol redirects involving IMAP, LDAP, POP3, or SMTP schemes, potentially exposing sensitive information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-14524 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14524.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-14524"
    },
    {
      "cve": "CVE-2025-43376",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue affecting state management in multiple Apple OS versions was fixed to prevent remote attackers from viewing leaked DNS queries when Private Relay is enabled.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43376 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43376.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-43376"
    },
    {
      "cve": "CVE-2025-43534",
      "notes": [
        {
          "category": "description",
          "text": "An improved validation fixed a path handling vulnerability in iOS 18.7.7, iPadOS 18.7.7, iOS 26.2, and iPadOS 26.2 that could allow a user with physical access to bypass Activation Lock.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43534 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43534.json"
        }
      ],
      "title": "CVE-2025-43534"
    },
    {
      "cve": "CVE-2025-64505",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in libpng, including heap buffer overflows and over-reads in functions like png_do_quantize, affect various products including NetApp and Apple software, alongside a separate Oracle MySQL Workbench flaw allowing unauthorized data modification or denial of service.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-64505 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64505.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-64505"
    },
    {
      "cve": "CVE-2026-20657",
      "notes": [
        {
          "category": "description",
          "text": "Improved memory handling in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5 fixed an issue where parsing a maliciously crafted file could cause unexpected app termination.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20657 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20657.json"
        }
      ],
      "title": "CVE-2026-20657"
    },
    {
      "cve": "CVE-2026-20665",
      "notes": [
        {
          "category": "description",
          "text": "Apple fixed a vulnerability in multiple operating systems and Safari versions 26.4 and iOS/iPadOS 18.7.7 where malicious web content could bypass Content Security Policy enforcement due to improper state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20665 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20665.json"
        }
      ],
      "title": "CVE-2026-20665"
    },
    {
      "cve": "CVE-2026-20668",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue affecting iOS, iPadOS, macOS, and visionOS was fixed by enhancing data redaction to prevent apps from accessing sensitive user information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20668 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20668.json"
        }
      ],
      "title": "CVE-2026-20668"
    },
    {
      "cve": "CVE-2026-20687",
      "notes": [
        {
          "category": "description",
          "text": "A use after free vulnerability in multiple Apple operating systems was fixed by improving memory management to prevent apps from causing unexpected system termination or writing to kernel memory.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20687 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20687.json"
        }
      ],
      "title": "CVE-2026-20687"
    },
    {
      "cve": "CVE-2026-20688",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability allowing applications to potentially escape their sandbox was fixed through improved validation in iOS 26.4, iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, and visionOS 26.4.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20688 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20688.json"
        }
      ],
      "title": "CVE-2026-20688"
    },
    {
      "cve": "CVE-2026-20690",
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds access vulnerability in Apple operating systems was fixed by improving bounds checking to prevent process termination caused by maliciously crafted audio streams.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20690 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20690.json"
        }
      ],
      "title": "CVE-2026-20690"
    },
    {
      "cve": "CVE-2026-20691",
      "notes": [
        {
          "category": "description",
          "text": "An authorization vulnerability in Safari 26.4 and related OS versions was resolved by enhancing state management to prevent malicious webpages from fingerprinting users.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20691 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20691.json"
        }
      ],
      "title": "CVE-2026-20691"
    },
    {
      "cve": "CVE-2026-20692",
      "notes": [
        {
          "category": "description",
          "text": "A privacy issue affecting user preferences for mail content handling, specifically the \u0027Hide IP Address\u0027 and \u0027Block All Remote Content\u0027 features, was fixed in iOS 26.4, iPadOS 26.4, and various macOS versions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20692 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20692.json"
        }
      ],
      "title": "CVE-2026-20692"
    },
    {
      "cve": "CVE-2026-20698",
      "notes": [
        {
          "category": "description",
          "text": "A memory handling vulnerability in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4 could allow an app to cause unexpected system termination or kernel memory corruption, which was resolved through improved memory management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20698 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20698.json"
        }
      ],
      "title": "CVE-2026-20698"
    },
    {
      "cve": "CVE-2026-28822",
      "notes": [
        {
          "category": "description",
          "text": "A type confusion vulnerability related to memory handling in multiple Apple operating systems could allow an attacker to cause unexpected application termination.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28822 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28822.json"
        }
      ],
      "title": "CVE-2026-28822"
    },
    {
      "cve": "CVE-2026-28833",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue allowing apps to enumerate a user\u2019s installed applications was fixed by implementing additional restrictions in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28833 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28833.json"
        }
      ],
      "title": "CVE-2026-28833"
    },
    {
      "cve": "CVE-2026-28852",
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow vulnerability allowing denial-of-service was fixed by improving input validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28852 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28852.json"
        }
      ],
      "title": "CVE-2026-28852"
    },
    {
      "cve": "CVE-2026-28856",
      "notes": [
        {
          "category": "description",
          "text": "An authentication vulnerability allowing physical attackers to access sensitive user information on locked devices was fixed in iOS 26.4, iPadOS 26.4, visionOS 26.4, and watchOS 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28856 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28856.json"
        }
      ],
      "title": "CVE-2026-28856"
    },
    {
      "cve": "CVE-2026-28857",
      "notes": [
        {
          "category": "description",
          "text": "Improved memory handling in Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4 fixed an issue where processing maliciously crafted web content could cause unexpected process crashes.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28857 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28857.json"
        }
      ],
      "title": "CVE-2026-28857"
    },
    {
      "cve": "CVE-2026-28858",
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow vulnerability in iOS 26.4 and iPadOS 26.4 was fixed by improved bounds checking to prevent remote system termination or kernel memory corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28858 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28858.json"
        }
      ],
      "title": "CVE-2026-28858"
    },
    {
      "cve": "CVE-2026-28859",
      "notes": [
        {
          "category": "description",
          "text": "A memory handling vulnerability in Safari 26.4 and related OS versions was fixed, preventing malicious websites from processing restricted web content outside the sandbox environment.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28859 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28859.json"
        }
      ],
      "title": "CVE-2026-28859"
    },
    {
      "cve": "CVE-2026-28861",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue in state management was fixed across multiple Apple operating systems to prevent malicious websites from accessing script message handlers intended for other origins.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28861 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28861.json"
        }
      ],
      "title": "CVE-2026-28861"
    },
    {
      "cve": "CVE-2026-28863",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue allowing apps to fingerprint users was fixed by adding restrictions in iOS 26.4, iPadOS 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28863 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28863.json"
        }
      ],
      "title": "CVE-2026-28863"
    },
    {
      "cve": "CVE-2026-28864",
      "notes": [
        {
          "category": "description",
          "text": "Apple addressed a vulnerability in iOS, iPadOS, macOS, visionOS, and watchOS by enhancing permissions checks to prevent local attackers from accessing users\u0027 Keychain items.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28864 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28864.json"
        }
      ],
      "title": "CVE-2026-28864"
    },
    {
      "cve": "CVE-2026-28865",
      "notes": [
        {
          "category": "description",
          "text": "An authentication vulnerability in multiple Apple operating systems was addressed by improving state management to prevent attackers in privileged network positions from intercepting network traffic.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28865 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28865.json"
        }
      ],
      "title": "CVE-2026-28865"
    },
    {
      "cve": "CVE-2026-28866",
      "notes": [
        {
          "category": "description",
          "text": "Multiple Apple operating systems including iOS 18.7.7, iPadOS 18.7.7, iOS 26.4, iPadOS 26.4, and various macOS versions addressed a vulnerability where improper symlink validation allowed apps to access sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28866 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28866.json"
        }
      ],
      "title": "CVE-2026-28866"
    },
    {
      "cve": "CVE-2026-28867",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability allowing apps to potentially leak sensitive kernel state was fixed through improved authentication in multiple Apple operating systems including iOS 18.7.7, iPadOS 18.7.7, and macOS Sequoia 15.7.5.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28867 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28867.json"
        }
      ],
      "title": "CVE-2026-28867"
    },
    {
      "cve": "CVE-2026-28868",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue in multiple Apple operating systems including iOS, iPadOS, macOS, visionOS, and watchOS was fixed by improving data redaction to prevent apps from disclosing kernel memory.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28868 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28868.json"
        }
      ],
      "title": "CVE-2026-28868"
    },
    {
      "cve": "CVE-2026-28870",
      "notes": [
        {
          "category": "description",
          "text": "An information leakage vulnerability allowing unauthorized access to sensitive user data was fixed through additional validation in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28870 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28870.json"
        }
      ],
      "title": "CVE-2026-28870"
    },
    {
      "cve": "CVE-2026-28871",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue in Safari, iOS, iPadOS, and macOS was fixed through improved checks to prevent cross-site scripting attacks from malicious websites.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28871 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28871.json"
        }
      ],
      "title": "CVE-2026-28871"
    },
    {
      "cve": "CVE-2026-28874",
      "notes": [
        {
          "category": "description",
          "text": "iOS 26.4 and iPadOS 26.4 addressed an issue where improved validation checks prevent remote attackers from causing unexpected app termination.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28874 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28874.json"
        }
      ],
      "title": "CVE-2026-28874"
    },
    {
      "cve": "CVE-2026-28875",
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow vulnerability in iOS 26.4 and iPadOS 26.4 was fixed by implementing improved bounds checking to prevent remote denial-of-service attacks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28875 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28875.json"
        }
      ],
      "title": "CVE-2026-28875"
    },
    {
      "cve": "CVE-2026-28876",
      "notes": [
        {
          "category": "description",
          "text": "A parsing issue in directory path handling was fixed by improving path validation across multiple OS versions to prevent unauthorized app access to sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28876 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28876.json"
        }
      ],
      "title": "CVE-2026-28876"
    },
    {
      "cve": "CVE-2026-28877",
      "notes": [
        {
          "category": "description",
          "text": "An authorization vulnerability allowing apps to potentially access sensitive user data was resolved by enhancing state management in iOS 26.4, iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28877 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28877.json"
        }
      ],
      "title": "CVE-2026-28877"
    },
    {
      "cve": "CVE-2026-28878",
      "notes": [
        {
          "category": "description",
          "text": "Apple addressed a privacy vulnerability that allowed apps to enumerate installed applications by removing sensitive data in updates to iOS 18.7.7, iPadOS 18.7.7, macOS Sonoma 14.8.5, and other operating systems.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28878 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28878.json"
        }
      ],
      "title": "CVE-2026-28878"
    },
    {
      "cve": "CVE-2026-28879",
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability causing potential process crashes when handling malicious web content was fixed through improved memory management in multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28879 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28879.json"
        }
      ],
      "title": "CVE-2026-28879"
    },
    {
      "cve": "CVE-2026-28880",
      "notes": [
        {
          "category": "description",
          "text": "Multiple Apple operating systems including iOS, iPadOS, macOS, and visionOS addressed a permissions issue by implementing additional restrictions to prevent apps from enumerating a user\u2019s installed applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28880 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28880.json"
        }
      ],
      "title": "CVE-2026-28880"
    },
    {
      "cve": "CVE-2026-28882",
      "notes": [
        {
          "category": "description",
          "text": "An issue allowing apps to enumerate a user\u0027s installed applications was resolved through enhanced verification mechanisms in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28882 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28882.json"
        }
      ],
      "title": "CVE-2026-28882"
    },
    {
      "cve": "CVE-2026-28886",
      "notes": [
        {
          "category": "description",
          "text": "A null pointer dereference vulnerability allowing a privileged network user to cause denial-of-service was fixed via improved input validation in multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28886 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28886.json"
        }
      ],
      "title": "CVE-2026-28886"
    },
    {
      "cve": "CVE-2026-28894",
      "notes": [
        {
          "category": "description",
          "text": "A denial-of-service vulnerability in iOS 26.4, iPadOS 26.4, and multiple macOS versions was addressed by improved input validation to prevent remote attackers from causing service disruptions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28894 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28894.json"
        }
      ],
      "title": "CVE-2026-28894"
    },
    {
      "cve": "CVE-2026-28895",
      "notes": [
        {
          "category": "description",
          "text": "iOS and iPadOS 16.4 fixed a vulnerability allowing attackers with physical access to bypass biometrics-gated Protected Apps by using the passcode on devices with Stolen Device Protection enabled through improved verification checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28895 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28895.json"
        }
      ],
      "title": "CVE-2026-28895"
    }
  ]
}

NCSC-2026-0102

Vulnerability from csaf_ncscnl - Published: 2026-03-25 14:15 - Updated: 2026-03-25 14:15

Summary

Kwetsbaarheden verholpen in Apple macOS

Notes

Feiten: Apple heeft meerdere kwetsbaarheden verholpen in macOS (Specifiek voor Sequoia 15.7.5, Sonoma 14.8.5, en Tahoe 26.4).

Interpretaties: De kwetsbaarheden omvatten verschillende problemen zoals onvoldoende validatie van invoer, onjuiste afhandeling van geheugen, en problemen met machtigingen die konden leiden tot ongeautoriseerde toegang tot gevoelige gebruikersdata. Aanvallers kunnen deze kwetsbaarheden misbruiken om toegang te krijgen tot beschermde systeembestanden, gegevens te wijzigen, of zelfs de stabiliteit van het systeem in gevaar te brengen. De kwetsbaarheden zijn opgelost door verbeterde validatie- en beveiligingsmechanismen in de betrokken macOS-versies.

Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-122: Heap-based Buffer Overflow

CWE-125: Out-of-bounds Read

CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences

CWE-190: Integer Overflow or Wraparound

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-201: Insertion of Sensitive Information Into Sent Data

CWE-265: Privilege Issues

CWE-275: Permission Issues

CWE-284: Improper Access Control

CWE-285: Improper Authorization

CWE-287: Improper Authentication

CWE-288: Authentication Bypass Using an Alternate Path or Channel

CWE-305: Authentication Bypass by Primary Weakness

CWE-346: Origin Validation Error

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-371: State Issues

CWE-377: Insecure Temporary File

CWE-404: Improper Resource Shutdown or Release

CWE-416: Use After Free

CWE-476: NULL Pointer Dereference

CWE-522: Insufficiently Protected Credentials

CWE-532: Insertion of Sensitive Information into Log File

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CWE-918: Server-Side Request Forgery (SSRF)

CWE-942: Permissive Cross-domain Security Policy with Untrusted Domains

CVE-2025-14524

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-522 - Insufficiently Protected Credentials

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2025-55753

Multiple vulnerabilities affect Oracle Communications Unified Assurance and Apache HTTP Server, including critical data compromise, denial of service, and issues in mod_md (ACME) components across various versions.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2025-58098

Multiple vulnerabilities affect Oracle Communications Unified Assurance (6.1.0-6.1.1) and Apache HTTP Server (pre-2.4.66), including issues with Server Side Includes, mod_cgid, mod_md, and mod_userdir+suexec, leading to data compromise, denial of service, and information disclosure.

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-201 - Insertion of Sensitive Information Into Sent Data

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2025-59775

Multiple vulnerabilities affect Oracle Secure Backup and Apache HTTP Server, including unauthorized data modification, SSRF leading to NTLM hash leakage, and sensitive information disclosure across various versions and configurations.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2025-64505

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2025-65082

Multiple vulnerabilities affect Oracle Communications Unified Assurance (6.1.0-6.1.1) and Apache HTTP Server (2.4.0-2.4.65), including CGI environment variable overrides, improper neutralization of environment variables, and other security issues leading to data compromise and denial of service.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2025-66200

Multiple vulnerabilities affect Oracle Communications Unified Assurance (6.1.0-6.1.1) and Apache HTTP Server (2.4.7-2.4.65), including privilege escalation, mod_userdir+suexec bypass, and information disclosure issues.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20607

macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 addressed a permissions issue by implementing additional restrictions to prevent apps from accessing protected user data.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20631

An elevation of privilege vulnerability in macOS Tahoe 26.4 was addressed by implementing enhanced logic checks to prevent unauthorized privilege escalation.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20632

macOS Tahoe 26.4 fixed a parsing vulnerability in directory path handling that previously allowed applications to access sensitive user data by enhancing path validation mechanisms.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20633

macOS versions Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 fixed a security issue involving symlink handling that previously allowed apps to access user-sensitive data.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20637

A use after free vulnerability causing unexpected system termination was fixed by improving memory management across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20639

An integer overflow vulnerability causing potential heap corruption from processing maliciously crafted strings was fixed in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.3 by improving input validation.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20643

Multiple Apple OS updates including Safari, iOS, iPadOS, and macOS addressed a cross-origin vulnerability in the Navigation API by improving input validation to prevent bypassing the Same Origin Policy.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-346 - Origin Validation Error

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20651

A privacy vulnerability related to temporary file handling that allowed unauthorized app access to sensitive user data was resolved in macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, and macOS Tahoe 26.3.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20657

Improved memory handling in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5 fixed an issue where parsing a maliciously crafted file could cause unexpected app termination.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20660

A path handling vulnerability allowing remote users to write arbitrary files was fixed in multiple Apple operating systems and Safari versions through improved logic preventing unauthorized file writes.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20664

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20665

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20668

A logging issue affecting iOS, iPadOS, macOS, and visionOS was fixed by enhancing data redaction to prevent apps from accessing sensitive user information.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20684

A permissions issue in macOS Tahoe 26.4 was fixed by implementing additional restrictions to prevent an app from bypassing Gatekeeper security checks.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20687

A use after free vulnerability in multiple Apple operating systems was fixed by improving memory management to prevent apps from causing unexpected system termination or writing to kernel memory.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20688

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20690

An out-of-bounds access vulnerability in Apple operating systems was fixed by improving bounds checking to prevent process termination caused by maliciously crafted audio streams.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20691

An authorization vulnerability in Safari 26.4 and related OS versions was resolved by enhancing state management to prevent malicious webpages from fingerprinting users.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20692

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20693

An issue allowing an attacker with root privileges to delete protected system files was resolved through improved state management in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20694

Multiple versions of iOS, iPadOS, and macOS addressed a vulnerability involving improper handling of symlinks that could allow an app to access user-sensitive data.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20695

An information disclosure vulnerability allowing applications to determine kernel memory layout was fixed by improving memory management in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20697

macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 addressed a permissions issue by implementing additional restrictions to prevent apps from accessing sensitive user data.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20698

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20699

A downgrade vulnerability on Intel-based Macs allowing potential access to user-sensitive data was mitigated by enhanced code-signing restrictions in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.3/26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-20701

macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 addressed an access issue by implementing additional sandbox restrictions to prevent apps from connecting to network shares without user consent.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28816

A path handling vulnerability allowing unauthorized file deletion was fixed through improved validation in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28817

A race condition vulnerability allowing sandboxed processes to bypass restrictions was fixed by improving state handling in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28818

A logging issue allowing apps to access sensitive user data was fixed through improved data redaction in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28820

macOS Tahoe 26.4 addressed a security issue by implementing enhanced validation checks to prevent unauthorized app access to sensitive user data.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28821

A validation issue in entitlement verification that could allow an app to gain elevated privileges was fixed in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 through improved process entitlement validation.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28822

A type confusion vulnerability related to memory handling in multiple Apple operating systems could allow an attacker to cause unexpected application termination.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28823

A path handling vulnerability in macOS Tahoe 26.4 allowed applications with root privileges to delete protected system files, which was resolved through improved validation mechanisms.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28824

An authorization vulnerability allowing applications to access sensitive user data was resolved by enhancing state management in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28825

An out-of-bounds write vulnerability allowing applications to modify protected file system areas was fixed by improving bounds checking in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28826

A logic flaw in macOS Tahoe 26.4 allowed a malicious application to escape its sandbox, which was addressed by implementing enhanced sandbox restrictions.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28827

A parsing vulnerability in directory path handling that could allow an application to escape its sandbox was fixed through enhanced path validation in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28828

A permissions vulnerability allowing applications to access sensitive user data was fixed by removing the vulnerable code in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28829

macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 addressed a permissions issue by implementing additional restrictions to prevent applications from modifying protected parts of the file system.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28831

An authorization vulnerability allowing applications to access sensitive user data was resolved by enhancing state management in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28832

An out-of-bounds read vulnerability in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 was fixed by improving bounds checking to prevent potential kernel memory disclosure by applications.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28833

A permissions issue allowing apps to enumerate a user’s installed applications was fixed by implementing additional restrictions in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28834

A race condition causing potential unexpected system termination was fixed in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 by improving state handling to address the issue.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28835

A use-after-free vulnerability in SMB network share mounting was fixed in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4, addressing a memory management flaw that could cause system termination.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28837

macOS Tahoe 26.4 addressed a logic flaw that previously allowed applications to improperly access sensitive user data by implementing enhanced validation checks.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28838

A permissions issue allowing an app to potentially escape its sandbox was fixed by implementing additional sandbox restrictions in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28839

An issue allowing applications to access sensitive user data was resolved through enhanced verification mechanisms in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28841

A buffer overflow vulnerability in macOS Tahoe 26.4 was addressed by enhancing size validation to prevent potential memory corruption and application crashes.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28842

The buffer overflow vulnerability causing memory corruption and application termination was addressed in macOS Tahoe 26.4 through enhanced bounds checking.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28844

An input validation vulnerability in macOS Tahoe 26.4 was addressed, preventing unauthorized access to the file system.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28845

An authorization vulnerability in macOS Tahoe 26.4 was addressed by enhancing state management to prevent unauthorized access to protected user data.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28852

A stack overflow vulnerability allowing denial-of-service was fixed by improving input validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28857

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28859

A memory handling vulnerability in Safari 26.4 and related OS versions was fixed, preventing malicious websites from processing restricted web content outside the sandbox environment.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28861

A logic issue in state management was fixed across multiple Apple operating systems to prevent malicious websites from accessing script message handlers intended for other origins.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28862

macOS updates Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 enhance private data redaction in log entries to prevent applications from accessing sensitive user information.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28864

Apple addressed a vulnerability in iOS, iPadOS, macOS, visionOS, and watchOS by enhancing permissions checks to prevent local attackers from accessing users' Keychain items.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28865

An authentication vulnerability in multiple Apple operating systems was addressed by improving state management to prevent attackers in privileged network positions from intercepting network traffic.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28866

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28867

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28868

A logging issue in multiple Apple operating systems including iOS, iPadOS, macOS, visionOS, and watchOS was fixed by improving data redaction to prevent apps from disclosing kernel memory.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28870

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28871

A logic issue in Safari, iOS, iPadOS, and macOS was fixed through improved checks to prevent cross-site scripting attacks from malicious websites.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28876

A parsing issue in directory path handling was fixed by improving path validation across multiple OS versions to prevent unauthorized app access to sensitive user data.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28877

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28878

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28879

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28880

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28881

macOS Tahoe 26.4 fixed a privacy vulnerability by relocating sensitive user data to prevent unauthorized app access.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28882

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28886

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28888

A race condition vulnerability allowing an application to potentially gain root privileges was fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4 by improving state handling.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28891

A race condition vulnerability allowing an application to potentially escape its sandbox was fixed through additional validation in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28892

A permissions vulnerability allowing applications to modify protected file system areas was fixed by removing vulnerable code in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28893

A privacy vulnerability involving the handling of temporary files during print preview was addressed in the macOS Tahoe 26.4 update.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

CVE-2026-28894

A denial-of-service vulnerability in iOS 26.4, iPadOS 26.4, and multiple macOS versions was addressed by improved input validation to prevent remote attackers from causing service disruptions.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / Mac OS		vers:unknown/*

References

86 references

URL	Category
https://support.apple.com/en-us/126794	external
https://support.apple.com/en-us/126795	external
https://support.apple.com/en-us/126796	external
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Apple heeft meerdere kwetsbaarheden verholpen in macOS (Specifiek voor Sequoia 15.7.5, Sonoma 14.8.5, en Tahoe 26.4).",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten verschillende problemen zoals onvoldoende validatie van invoer, onjuiste afhandeling van geheugen, en problemen met machtigingen die konden leiden tot ongeautoriseerde toegang tot gevoelige gebruikersdata. Aanvallers kunnen deze kwetsbaarheden misbruiken om toegang te krijgen tot beschermde systeembestanden, gegevens te wijzigen, of zelfs de stabiliteit van het systeem in gevaar te brengen. De kwetsbaarheden zijn opgelost door verbeterde validatie- en beveiligingsmechanismen in de betrokken macOS-versies.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Escape, Meta, or Control Sequences",
        "title": "CWE-150"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information Into Sent Data",
        "title": "CWE-201"
      },
      {
        "category": "general",
        "text": "Privilege Issues",
        "title": "CWE-265"
      },
      {
        "category": "general",
        "text": "Permission Issues",
        "title": "CWE-275"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Authorization",
        "title": "CWE-285"
      },
      {
        "category": "general",
        "text": "Improper Authentication",
        "title": "CWE-287"
      },
      {
        "category": "general",
        "text": "Authentication Bypass Using an Alternate Path or Channel",
        "title": "CWE-288"
      },
      {
        "category": "general",
        "text": "Authentication Bypass by Primary Weakness",
        "title": "CWE-305"
      },
      {
        "category": "general",
        "text": "Origin Validation Error",
        "title": "CWE-346"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "State Issues",
        "title": "CWE-371"
      },
      {
        "category": "general",
        "text": "Insecure Temporary File",
        "title": "CWE-377"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Insufficiently Protected Credentials",
        "title": "CWE-522"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information into Log File",
        "title": "CWE-532"
      },
      {
        "category": "general",
        "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
        "title": "CWE-601"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "Permissive Cross-domain Security Policy with Untrusted Domains",
        "title": "CWE-942"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126794"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126795"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126796"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Apple macOS",
    "tracking": {
      "current_release_date": "2026-03-25T14:15:56.073353Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0102",
      "initial_release_date": "2026-03-25T14:15:56.073353Z",
      "revision_history": [
        {
          "date": "2026-03-25T14:15:56.073353Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Mac OS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14524",
      "cwe": {
        "id": "CWE-522",
        "name": "Insufficiently Protected Credentials"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficiently Protected Credentials",
          "title": "CWE-522"
        },
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        },
        {
          "category": "description",
          "text": "A vulnerability in libcurl versions 7.33.0 to 8.17.0 causes OAuth2 bearer tokens to be unintentionally leaked during cross-protocol redirects involving IMAP, LDAP, POP3, or SMTP schemes, potentially exposing sensitive information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-14524 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14524.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-14524"
    },
    {
      "cve": "CVE-2025-55753",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affect Oracle Communications Unified Assurance and Apache HTTP Server, including critical data compromise, denial of service, and issues in mod_md (ACME) components across various versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55753 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55753.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-55753"
    },
    {
      "cve": "CVE-2025-58098",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information Into Sent Data",
          "title": "CWE-201"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affect Oracle Communications Unified Assurance (6.1.0-6.1.1) and Apache HTTP Server (pre-2.4.66), including issues with Server Side Includes, mod_cgid, mod_md, and mod_userdir+suexec, leading to data compromise, denial of service, and information disclosure.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-58098 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58098.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-58098"
    },
    {
      "cve": "CVE-2025-59775",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affect Oracle Secure Backup and Apache HTTP Server, including unauthorized data modification, SSRF leading to NTLM hash leakage, and sensitive information disclosure across various versions and configurations.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59775 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59775.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-59775"
    },
    {
      "cve": "CVE-2025-64505",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in libpng, including heap buffer overflows and over-reads in functions like png_do_quantize, affect various products including NetApp and Apple software, alongside a separate Oracle MySQL Workbench flaw allowing unauthorized data modification or denial of service.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-64505 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64505.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-64505"
    },
    {
      "cve": "CVE-2025-65082",
      "cwe": {
        "id": "CWE-150",
        "name": "Improper Neutralization of Escape, Meta, or Control Sequences"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Escape, Meta, or Control Sequences",
          "title": "CWE-150"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affect Oracle Communications Unified Assurance (6.1.0-6.1.1) and Apache HTTP Server (2.4.0-2.4.65), including CGI environment variable overrides, improper neutralization of environment variables, and other security issues leading to data compromise and denial of service.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-65082 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65082.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-65082"
    },
    {
      "cve": "CVE-2025-66200",
      "cwe": {
        "id": "CWE-288",
        "name": "Authentication Bypass Using an Alternate Path or Channel"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authentication Bypass Using an Alternate Path or Channel",
          "title": "CWE-288"
        },
        {
          "category": "other",
          "text": "Authentication Bypass by Primary Weakness",
          "title": "CWE-305"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affect Oracle Communications Unified Assurance (6.1.0-6.1.1) and Apache HTTP Server (2.4.7-2.4.65), including privilege escalation, mod_userdir+suexec bypass, and information disclosure issues.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66200 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66200.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-66200"
    },
    {
      "cve": "CVE-2026-20607",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 addressed a permissions issue by implementing additional restrictions to prevent apps from accessing protected user data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20607 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20607.json"
        }
      ],
      "title": "CVE-2026-20607"
    },
    {
      "cve": "CVE-2026-20631",
      "notes": [
        {
          "category": "description",
          "text": "An elevation of privilege vulnerability in macOS Tahoe 26.4 was addressed by implementing enhanced logic checks to prevent unauthorized privilege escalation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20631 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20631.json"
        }
      ],
      "title": "CVE-2026-20631"
    },
    {
      "cve": "CVE-2026-20632",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.4 fixed a parsing vulnerability in directory path handling that previously allowed applications to access sensitive user data by enhancing path validation mechanisms.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20632 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20632.json"
        }
      ],
      "title": "CVE-2026-20632"
    },
    {
      "cve": "CVE-2026-20633",
      "notes": [
        {
          "category": "description",
          "text": "macOS versions Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 fixed a security issue involving symlink handling that previously allowed apps to access user-sensitive data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20633 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20633.json"
        }
      ],
      "title": "CVE-2026-20633"
    },
    {
      "cve": "CVE-2026-20637",
      "notes": [
        {
          "category": "description",
          "text": "A use after free vulnerability causing unexpected system termination was fixed by improving memory management across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20637 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20637.json"
        }
      ],
      "title": "CVE-2026-20637"
    },
    {
      "cve": "CVE-2026-20639",
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow vulnerability causing potential heap corruption from processing maliciously crafted strings was fixed in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.3 by improving input validation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20639 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20639.json"
        }
      ],
      "title": "CVE-2026-20639"
    },
    {
      "cve": "CVE-2026-20643",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Origin Validation Error",
          "title": "CWE-346"
        },
        {
          "category": "description",
          "text": "Multiple Apple OS updates including Safari, iOS, iPadOS, and macOS addressed a cross-origin vulnerability in the Navigation API by improving input validation to prevent bypassing the Same Origin Policy.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20643 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20643.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2026-20643"
    },
    {
      "cve": "CVE-2026-20651",
      "notes": [
        {
          "category": "description",
          "text": "A privacy vulnerability related to temporary file handling that allowed unauthorized app access to sensitive user data was resolved in macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, and macOS Tahoe 26.3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20651 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20651.json"
        }
      ],
      "title": "CVE-2026-20651"
    },
    {
      "cve": "CVE-2026-20657",
      "notes": [
        {
          "category": "description",
          "text": "Improved memory handling in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5 fixed an issue where parsing a maliciously crafted file could cause unexpected app termination.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20657 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20657.json"
        }
      ],
      "title": "CVE-2026-20657"
    },
    {
      "cve": "CVE-2026-20660",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "A path handling vulnerability allowing remote users to write arbitrary files was fixed in multiple Apple operating systems and Safari versions through improved logic preventing unauthorized file writes.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20660 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20660.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2026-20660"
    },
    {
      "cve": "CVE-2026-20664",
      "notes": [
        {
          "category": "description",
          "text": "Improved memory handling in Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4 fixed an issue where processing maliciously crafted web content could cause unexpected process crashes.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20664 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20664.json"
        }
      ],
      "title": "CVE-2026-20664"
    },
    {
      "cve": "CVE-2026-20665",
      "notes": [
        {
          "category": "description",
          "text": "Apple fixed a vulnerability in multiple operating systems and Safari versions 26.4 and iOS/iPadOS 18.7.7 where malicious web content could bypass Content Security Policy enforcement due to improper state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20665 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20665.json"
        }
      ],
      "title": "CVE-2026-20665"
    },
    {
      "cve": "CVE-2026-20668",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue affecting iOS, iPadOS, macOS, and visionOS was fixed by enhancing data redaction to prevent apps from accessing sensitive user information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20668 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20668.json"
        }
      ],
      "title": "CVE-2026-20668"
    },
    {
      "cve": "CVE-2026-20684",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue in macOS Tahoe 26.4 was fixed by implementing additional restrictions to prevent an app from bypassing Gatekeeper security checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20684 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20684.json"
        }
      ],
      "title": "CVE-2026-20684"
    },
    {
      "cve": "CVE-2026-20687",
      "notes": [
        {
          "category": "description",
          "text": "A use after free vulnerability in multiple Apple operating systems was fixed by improving memory management to prevent apps from causing unexpected system termination or writing to kernel memory.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20687 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20687.json"
        }
      ],
      "title": "CVE-2026-20687"
    },
    {
      "cve": "CVE-2026-20688",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability allowing applications to potentially escape their sandbox was fixed through improved validation in iOS 26.4, iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, and visionOS 26.4.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20688 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20688.json"
        }
      ],
      "title": "CVE-2026-20688"
    },
    {
      "cve": "CVE-2026-20690",
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds access vulnerability in Apple operating systems was fixed by improving bounds checking to prevent process termination caused by maliciously crafted audio streams.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20690 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20690.json"
        }
      ],
      "title": "CVE-2026-20690"
    },
    {
      "cve": "CVE-2026-20691",
      "notes": [
        {
          "category": "description",
          "text": "An authorization vulnerability in Safari 26.4 and related OS versions was resolved by enhancing state management to prevent malicious webpages from fingerprinting users.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20691 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20691.json"
        }
      ],
      "title": "CVE-2026-20691"
    },
    {
      "cve": "CVE-2026-20692",
      "notes": [
        {
          "category": "description",
          "text": "A privacy issue affecting user preferences for mail content handling, specifically the \u0027Hide IP Address\u0027 and \u0027Block All Remote Content\u0027 features, was fixed in iOS 26.4, iPadOS 26.4, and various macOS versions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20692 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20692.json"
        }
      ],
      "title": "CVE-2026-20692"
    },
    {
      "cve": "CVE-2026-20693",
      "notes": [
        {
          "category": "description",
          "text": "An issue allowing an attacker with root privileges to delete protected system files was resolved through improved state management in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20693 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20693.json"
        }
      ],
      "title": "CVE-2026-20693"
    },
    {
      "cve": "CVE-2026-20694",
      "notes": [
        {
          "category": "description",
          "text": "Multiple versions of iOS, iPadOS, and macOS addressed a vulnerability involving improper handling of symlinks that could allow an app to access user-sensitive data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20694 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20694.json"
        }
      ],
      "title": "CVE-2026-20694"
    },
    {
      "cve": "CVE-2026-20695",
      "notes": [
        {
          "category": "description",
          "text": "An information disclosure vulnerability allowing applications to determine kernel memory layout was fixed by improving memory management in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20695 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20695.json"
        }
      ],
      "title": "CVE-2026-20695"
    },
    {
      "cve": "CVE-2026-20697",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 addressed a permissions issue by implementing additional restrictions to prevent apps from accessing sensitive user data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20697 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20697.json"
        }
      ],
      "title": "CVE-2026-20697"
    },
    {
      "cve": "CVE-2026-20698",
      "notes": [
        {
          "category": "description",
          "text": "A memory handling vulnerability in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4 could allow an app to cause unexpected system termination or kernel memory corruption, which was resolved through improved memory management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20698 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20698.json"
        }
      ],
      "title": "CVE-2026-20698"
    },
    {
      "cve": "CVE-2026-20699",
      "notes": [
        {
          "category": "description",
          "text": "A downgrade vulnerability on Intel-based Macs allowing potential access to user-sensitive data was mitigated by enhanced code-signing restrictions in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.3/26.4.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20699 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20699.json"
        }
      ],
      "title": "CVE-2026-20699"
    },
    {
      "cve": "CVE-2026-20701",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 addressed an access issue by implementing additional sandbox restrictions to prevent apps from connecting to network shares without user consent.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20701 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20701.json"
        }
      ],
      "title": "CVE-2026-20701"
    },
    {
      "cve": "CVE-2026-28816",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability allowing unauthorized file deletion was fixed through improved validation in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28816 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28816.json"
        }
      ],
      "title": "CVE-2026-28816"
    },
    {
      "cve": "CVE-2026-28817",
      "notes": [
        {
          "category": "description",
          "text": "A race condition vulnerability allowing sandboxed processes to bypass restrictions was fixed by improving state handling in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28817 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28817.json"
        }
      ],
      "title": "CVE-2026-28817"
    },
    {
      "cve": "CVE-2026-28818",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue allowing apps to access sensitive user data was fixed through improved data redaction in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28818 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28818.json"
        }
      ],
      "title": "CVE-2026-28818"
    },
    {
      "cve": "CVE-2026-28820",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.4 addressed a security issue by implementing enhanced validation checks to prevent unauthorized app access to sensitive user data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28820 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28820.json"
        }
      ],
      "title": "CVE-2026-28820"
    },
    {
      "cve": "CVE-2026-28821",
      "notes": [
        {
          "category": "description",
          "text": "A validation issue in entitlement verification that could allow an app to gain elevated privileges was fixed in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 through improved process entitlement validation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28821 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28821.json"
        }
      ],
      "title": "CVE-2026-28821"
    },
    {
      "cve": "CVE-2026-28822",
      "notes": [
        {
          "category": "description",
          "text": "A type confusion vulnerability related to memory handling in multiple Apple operating systems could allow an attacker to cause unexpected application termination.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28822 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28822.json"
        }
      ],
      "title": "CVE-2026-28822"
    },
    {
      "cve": "CVE-2026-28823",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability in macOS Tahoe 26.4 allowed applications with root privileges to delete protected system files, which was resolved through improved validation mechanisms.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28823 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28823.json"
        }
      ],
      "title": "CVE-2026-28823"
    },
    {
      "cve": "CVE-2026-28824",
      "notes": [
        {
          "category": "description",
          "text": "An authorization vulnerability allowing applications to access sensitive user data was resolved by enhancing state management in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28824 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28824.json"
        }
      ],
      "title": "CVE-2026-28824"
    },
    {
      "cve": "CVE-2026-28825",
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write vulnerability allowing applications to modify protected file system areas was fixed by improving bounds checking in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28825 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28825.json"
        }
      ],
      "title": "CVE-2026-28825"
    },
    {
      "cve": "CVE-2026-28826",
      "notes": [
        {
          "category": "description",
          "text": "A logic flaw in macOS Tahoe 26.4 allowed a malicious application to escape its sandbox, which was addressed by implementing enhanced sandbox restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28826 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28826.json"
        }
      ],
      "title": "CVE-2026-28826"
    },
    {
      "cve": "CVE-2026-28827",
      "notes": [
        {
          "category": "description",
          "text": "A parsing vulnerability in directory path handling that could allow an application to escape its sandbox was fixed through enhanced path validation in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28827 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28827.json"
        }
      ],
      "title": "CVE-2026-28827"
    },
    {
      "cve": "CVE-2026-28828",
      "notes": [
        {
          "category": "description",
          "text": "A permissions vulnerability allowing applications to access sensitive user data was fixed by removing the vulnerable code in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28828 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28828.json"
        }
      ],
      "title": "CVE-2026-28828"
    },
    {
      "cve": "CVE-2026-28829",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 addressed a permissions issue by implementing additional restrictions to prevent applications from modifying protected parts of the file system.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28829 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28829.json"
        }
      ],
      "title": "CVE-2026-28829"
    },
    {
      "cve": "CVE-2026-28831",
      "notes": [
        {
          "category": "description",
          "text": "An authorization vulnerability allowing applications to access sensitive user data was resolved by enhancing state management in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28831 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28831.json"
        }
      ],
      "title": "CVE-2026-28831"
    },
    {
      "cve": "CVE-2026-28832",
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 was fixed by improving bounds checking to prevent potential kernel memory disclosure by applications.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28832 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28832.json"
        }
      ],
      "title": "CVE-2026-28832"
    },
    {
      "cve": "CVE-2026-28833",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue allowing apps to enumerate a user\u2019s installed applications was fixed by implementing additional restrictions in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28833 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28833.json"
        }
      ],
      "title": "CVE-2026-28833"
    },
    {
      "cve": "CVE-2026-28834",
      "notes": [
        {
          "category": "description",
          "text": "A race condition causing potential unexpected system termination was fixed in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 by improving state handling to address the issue.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28834 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28834.json"
        }
      ],
      "title": "CVE-2026-28834"
    },
    {
      "cve": "CVE-2026-28835",
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability in SMB network share mounting was fixed in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4, addressing a memory management flaw that could cause system termination.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28835 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28835.json"
        }
      ],
      "title": "CVE-2026-28835"
    },
    {
      "cve": "CVE-2026-28837",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.4 addressed a logic flaw that previously allowed applications to improperly access sensitive user data by implementing enhanced validation checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28837 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28837.json"
        }
      ],
      "title": "CVE-2026-28837"
    },
    {
      "cve": "CVE-2026-28838",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue allowing an app to potentially escape its sandbox was fixed by implementing additional sandbox restrictions in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28838 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28838.json"
        }
      ],
      "title": "CVE-2026-28838"
    },
    {
      "cve": "CVE-2026-28839",
      "notes": [
        {
          "category": "description",
          "text": "An issue allowing applications to access sensitive user data was resolved through enhanced verification mechanisms in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28839 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28839.json"
        }
      ],
      "title": "CVE-2026-28839"
    },
    {
      "cve": "CVE-2026-28841",
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow vulnerability in macOS Tahoe 26.4 was addressed by enhancing size validation to prevent potential memory corruption and application crashes.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28841 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28841.json"
        }
      ],
      "title": "CVE-2026-28841"
    },
    {
      "cve": "CVE-2026-28842",
      "notes": [
        {
          "category": "description",
          "text": "The buffer overflow vulnerability causing memory corruption and application termination was addressed in macOS Tahoe 26.4 through enhanced bounds checking.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28842 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28842.json"
        }
      ],
      "title": "CVE-2026-28842"
    },
    {
      "cve": "CVE-2026-28844",
      "notes": [
        {
          "category": "description",
          "text": "An input validation vulnerability in macOS Tahoe 26.4 was addressed, preventing unauthorized access to the file system.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28844 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28844.json"
        }
      ],
      "title": "CVE-2026-28844"
    },
    {
      "cve": "CVE-2026-28845",
      "notes": [
        {
          "category": "description",
          "text": "An authorization vulnerability in macOS Tahoe 26.4 was addressed by enhancing state management to prevent unauthorized access to protected user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28845 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28845.json"
        }
      ],
      "title": "CVE-2026-28845"
    },
    {
      "cve": "CVE-2026-28852",
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow vulnerability allowing denial-of-service was fixed by improving input validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28852 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28852.json"
        }
      ],
      "title": "CVE-2026-28852"
    },
    {
      "cve": "CVE-2026-28857",
      "notes": [
        {
          "category": "description",
          "text": "Improved memory handling in Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4 fixed an issue where processing maliciously crafted web content could cause unexpected process crashes.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28857 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28857.json"
        }
      ],
      "title": "CVE-2026-28857"
    },
    {
      "cve": "CVE-2026-28859",
      "notes": [
        {
          "category": "description",
          "text": "A memory handling vulnerability in Safari 26.4 and related OS versions was fixed, preventing malicious websites from processing restricted web content outside the sandbox environment.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28859 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28859.json"
        }
      ],
      "title": "CVE-2026-28859"
    },
    {
      "cve": "CVE-2026-28861",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue in state management was fixed across multiple Apple operating systems to prevent malicious websites from accessing script message handlers intended for other origins.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28861 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28861.json"
        }
      ],
      "title": "CVE-2026-28861"
    },
    {
      "cve": "CVE-2026-28862",
      "notes": [
        {
          "category": "description",
          "text": "macOS updates Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 enhance private data redaction in log entries to prevent applications from accessing sensitive user information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28862 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28862.json"
        }
      ],
      "title": "CVE-2026-28862"
    },
    {
      "cve": "CVE-2026-28864",
      "notes": [
        {
          "category": "description",
          "text": "Apple addressed a vulnerability in iOS, iPadOS, macOS, visionOS, and watchOS by enhancing permissions checks to prevent local attackers from accessing users\u0027 Keychain items.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28864 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28864.json"
        }
      ],
      "title": "CVE-2026-28864"
    },
    {
      "cve": "CVE-2026-28865",
      "notes": [
        {
          "category": "description",
          "text": "An authentication vulnerability in multiple Apple operating systems was addressed by improving state management to prevent attackers in privileged network positions from intercepting network traffic.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28865 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28865.json"
        }
      ],
      "title": "CVE-2026-28865"
    },
    {
      "cve": "CVE-2026-28866",
      "notes": [
        {
          "category": "description",
          "text": "Multiple Apple operating systems including iOS 18.7.7, iPadOS 18.7.7, iOS 26.4, iPadOS 26.4, and various macOS versions addressed a vulnerability where improper symlink validation allowed apps to access sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28866 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28866.json"
        }
      ],
      "title": "CVE-2026-28866"
    },
    {
      "cve": "CVE-2026-28867",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability allowing apps to potentially leak sensitive kernel state was fixed through improved authentication in multiple Apple operating systems including iOS 18.7.7, iPadOS 18.7.7, and macOS Sequoia 15.7.5.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28867 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28867.json"
        }
      ],
      "title": "CVE-2026-28867"
    },
    {
      "cve": "CVE-2026-28868",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue in multiple Apple operating systems including iOS, iPadOS, macOS, visionOS, and watchOS was fixed by improving data redaction to prevent apps from disclosing kernel memory.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28868 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28868.json"
        }
      ],
      "title": "CVE-2026-28868"
    },
    {
      "cve": "CVE-2026-28870",
      "notes": [
        {
          "category": "description",
          "text": "An information leakage vulnerability allowing unauthorized access to sensitive user data was fixed through additional validation in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28870 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28870.json"
        }
      ],
      "title": "CVE-2026-28870"
    },
    {
      "cve": "CVE-2026-28871",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue in Safari, iOS, iPadOS, and macOS was fixed through improved checks to prevent cross-site scripting attacks from malicious websites.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28871 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28871.json"
        }
      ],
      "title": "CVE-2026-28871"
    },
    {
      "cve": "CVE-2026-28876",
      "notes": [
        {
          "category": "description",
          "text": "A parsing issue in directory path handling was fixed by improving path validation across multiple OS versions to prevent unauthorized app access to sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28876 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28876.json"
        }
      ],
      "title": "CVE-2026-28876"
    },
    {
      "cve": "CVE-2026-28877",
      "notes": [
        {
          "category": "description",
          "text": "An authorization vulnerability allowing apps to potentially access sensitive user data was resolved by enhancing state management in iOS 26.4, iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28877 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28877.json"
        }
      ],
      "title": "CVE-2026-28877"
    },
    {
      "cve": "CVE-2026-28878",
      "notes": [
        {
          "category": "description",
          "text": "Apple addressed a privacy vulnerability that allowed apps to enumerate installed applications by removing sensitive data in updates to iOS 18.7.7, iPadOS 18.7.7, macOS Sonoma 14.8.5, and other operating systems.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28878 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28878.json"
        }
      ],
      "title": "CVE-2026-28878"
    },
    {
      "cve": "CVE-2026-28879",
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability causing potential process crashes when handling malicious web content was fixed through improved memory management in multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28879 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28879.json"
        }
      ],
      "title": "CVE-2026-28879"
    },
    {
      "cve": "CVE-2026-28880",
      "notes": [
        {
          "category": "description",
          "text": "Multiple Apple operating systems including iOS, iPadOS, macOS, and visionOS addressed a permissions issue by implementing additional restrictions to prevent apps from enumerating a user\u2019s installed applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28880 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28880.json"
        }
      ],
      "title": "CVE-2026-28880"
    },
    {
      "cve": "CVE-2026-28881",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.4 fixed a privacy vulnerability by relocating sensitive user data to prevent unauthorized app access.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28881 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28881.json"
        }
      ],
      "title": "CVE-2026-28881"
    },
    {
      "cve": "CVE-2026-28882",
      "notes": [
        {
          "category": "description",
          "text": "An issue allowing apps to enumerate a user\u0027s installed applications was resolved through enhanced verification mechanisms in iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28882 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28882.json"
        }
      ],
      "title": "CVE-2026-28882"
    },
    {
      "cve": "CVE-2026-28886",
      "notes": [
        {
          "category": "description",
          "text": "A null pointer dereference vulnerability allowing a privileged network user to cause denial-of-service was fixed via improved input validation in multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28886 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28886.json"
        }
      ],
      "title": "CVE-2026-28886"
    },
    {
      "cve": "CVE-2026-28888",
      "notes": [
        {
          "category": "description",
          "text": "A race condition vulnerability allowing an application to potentially gain root privileges was fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4 by improving state handling.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28888 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28888.json"
        }
      ],
      "title": "CVE-2026-28888"
    },
    {
      "cve": "CVE-2026-28891",
      "notes": [
        {
          "category": "description",
          "text": "A race condition vulnerability allowing an application to potentially escape its sandbox was fixed through additional validation in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28891 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28891.json"
        }
      ],
      "title": "CVE-2026-28891"
    },
    {
      "cve": "CVE-2026-28892",
      "notes": [
        {
          "category": "description",
          "text": "A permissions vulnerability allowing applications to modify protected file system areas was fixed by removing vulnerable code in macOS Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28892 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28892.json"
        }
      ],
      "title": "CVE-2026-28892"
    },
    {
      "cve": "CVE-2026-28893",
      "notes": [
        {
          "category": "description",
          "text": "A privacy vulnerability involving the handling of temporary files during print preview was addressed in the macOS Tahoe 26.4 update.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28893 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28893.json"
        }
      ],
      "title": "CVE-2026-28893"
    },
    {
      "cve": "CVE-2026-28894",
      "notes": [
        {
          "category": "description",
          "text": "A denial-of-service vulnerability in iOS 26.4, iPadOS 26.4, and multiple macOS versions was addressed by improved input validation to prevent remote attackers from causing service disruptions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-28894 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28894.json"
        }
      ],
      "title": "CVE-2026-28894"
    }
  ]
}

RHSA-2026:10702

Vulnerability from csaf_redhat - Published: 2026-04-27 02:00 - Updated: 2026-05-20 09:02

Summary

Red Hat Security Advisory: webkit2gtk3 security update

Severity

Important

Notes

Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511) * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644) * webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652) * webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676) * webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664) * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665) * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857) * webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859) * webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-43213

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-43214

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-43457

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-43511

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-46299

A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-909 - Missing Initialization of Resource

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-20608

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-20635

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-20636

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-20643

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-346 - Origin Validation Error

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-20644

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-20652

A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-20664

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-20665

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CWE-693 - Protection Mechanism Failure

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-20676

A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-201 - Insertion of Sensitive Information Into Sent Data

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-20691

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-28857

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-28859

A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-28871

A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 46 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

95 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:10702	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448781	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448782	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448786	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448787	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448788	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448789	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448790	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448791	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448792	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448794	external
https://bugzilla.redhat.com/show_bug.cgi?id=2453000	external
https://bugzilla.redhat.com/show_bug.cgi?id=2453001	external
https://bugzilla.redhat.com/show_bug.cgi?id=2453002	external
https://bugzilla.redhat.com/show_bug.cgi?id=2453003	external
https://bugzilla.redhat.com/show_bug.cgi?id=2453004	external
https://bugzilla.redhat.com/show_bug.cgi?id=2453006	external
https://bugzilla.redhat.com/show_bug.cgi?id=2453008	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-43213	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448781	external
https://www.cve.org/CVERecord?id=CVE-2025-43213	external
https://nvd.nist.gov/vuln/detail/CVE-2025-43213	external
https://webkitgtk.org/security/WSA-2026-0001.html	external
https://access.redhat.com/security/cve/CVE-2025-43214	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448782	external
https://www.cve.org/CVERecord?id=CVE-2025-43214	external
https://nvd.nist.gov/vuln/detail/CVE-2025-43214	external
https://access.redhat.com/security/cve/CVE-2025-43457	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448786	external
https://www.cve.org/CVERecord?id=CVE-2025-43457	external
https://nvd.nist.gov/vuln/detail/CVE-2025-43457	external
https://access.redhat.com/security/cve/CVE-2025-43511	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448787	external
https://www.cve.org/CVERecord?id=CVE-2025-43511	external
https://nvd.nist.gov/vuln/detail/CVE-2025-43511	external
https://access.redhat.com/security/cve/CVE-2025-46299	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448788	external
https://www.cve.org/CVERecord?id=CVE-2025-46299	external
https://nvd.nist.gov/vuln/detail/CVE-2025-46299	external
https://access.redhat.com/security/cve/CVE-2026-20608	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448789	external
https://www.cve.org/CVERecord?id=CVE-2026-20608	external
https://nvd.nist.gov/vuln/detail/CVE-2026-20608	external
https://access.redhat.com/security/cve/CVE-2026-20635	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448790	external
https://www.cve.org/CVERecord?id=CVE-2026-20635	external
https://nvd.nist.gov/vuln/detail/CVE-2026-20635	external
https://access.redhat.com/security/cve/CVE-2026-20636	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448791	external
https://www.cve.org/CVERecord?id=CVE-2026-20636	external
https://nvd.nist.gov/vuln/detail/CVE-2026-20636	external
https://access.redhat.com/security/cve/CVE-2026-20643	self
https://bugzilla.redhat.com/show_bug.cgi?id=2453000	external
https://www.cve.org/CVERecord?id=CVE-2026-20643	external
https://nvd.nist.gov/vuln/detail/CVE-2026-20643	external
https://webkitgtk.org/security/WSA-2026-0002.html	external
https://access.redhat.com/security/cve/CVE-2026-20644	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448792	external
https://www.cve.org/CVERecord?id=CVE-2026-20644	external
https://nvd.nist.gov/vuln/detail/CVE-2026-20644	external
https://access.redhat.com/security/cve/CVE-2026-20652	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448793	external
https://www.cve.org/CVERecord?id=CVE-2026-20652	external
https://nvd.nist.gov/vuln/detail/CVE-2026-20652	external
https://access.redhat.com/security/cve/CVE-2026-20664	self
https://bugzilla.redhat.com/show_bug.cgi?id=2453001	external
https://www.cve.org/CVERecord?id=CVE-2026-20664	external
https://nvd.nist.gov/vuln/detail/CVE-2026-20664	external
https://access.redhat.com/security/cve/CVE-2026-20665	self
https://bugzilla.redhat.com/show_bug.cgi?id=2453002	external
https://www.cve.org/CVERecord?id=CVE-2026-20665	external
https://nvd.nist.gov/vuln/detail/CVE-2026-20665	external
https://access.redhat.com/security/cve/CVE-2026-20676	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448794	external
https://www.cve.org/CVERecord?id=CVE-2026-20676	external
https://nvd.nist.gov/vuln/detail/CVE-2026-20676	external
https://access.redhat.com/security/cve/CVE-2026-20691	self
https://bugzilla.redhat.com/show_bug.cgi?id=2453003	external
https://www.cve.org/CVERecord?id=CVE-2026-20691	external
https://nvd.nist.gov/vuln/detail/CVE-2026-20691	external
https://access.redhat.com/security/cve/CVE-2026-28857	self
https://bugzilla.redhat.com/show_bug.cgi?id=2453004	external
https://www.cve.org/CVERecord?id=CVE-2026-28857	external
https://nvd.nist.gov/vuln/detail/CVE-2026-28857	external
https://access.redhat.com/security/cve/CVE-2026-28859	self
https://bugzilla.redhat.com/show_bug.cgi?id=2453006	external
https://www.cve.org/CVERecord?id=CVE-2026-28859	external
https://nvd.nist.gov/vuln/detail/CVE-2026-28859	external
https://access.redhat.com/security/cve/CVE-2026-28871	self
https://bugzilla.redhat.com/show_bug.cgi?id=2453008	external
https://www.cve.org/CVERecord?id=CVE-2026-28871	external
https://nvd.nist.gov/vuln/detail/CVE-2026-28871	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n\n* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n\n* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n\n* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n\n* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n\n* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n\n* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:10702",
        "url": "https://access.redhat.com/errata/RHSA-2026:10702"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2448781",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
      },
      {
        "category": "external",
        "summary": "2448782",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
      },
      {
        "category": "external",
        "summary": "2448786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
      },
      {
        "category": "external",
        "summary": "2448787",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
      },
      {
        "category": "external",
        "summary": "2448788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
      },
      {
        "category": "external",
        "summary": "2448789",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
      },
      {
        "category": "external",
        "summary": "2448790",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
      },
      {
        "category": "external",
        "summary": "2448791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
      },
      {
        "category": "external",
        "summary": "2448792",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
      },
      {
        "category": "external",
        "summary": "2448793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
      },
      {
        "category": "external",
        "summary": "2448794",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
      },
      {
        "category": "external",
        "summary": "2453000",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
      },
      {
        "category": "external",
        "summary": "2453001",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
      },
      {
        "category": "external",
        "summary": "2453002",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
      },
      {
        "category": "external",
        "summary": "2453003",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
      },
      {
        "category": "external",
        "summary": "2453004",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
      },
      {
        "category": "external",
        "summary": "2453006",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
      },
      {
        "category": "external",
        "summary": "2453008",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10702.json"
      }
    ],
    "title": "Red Hat Security Advisory: webkit2gtk3 security update",
    "tracking": {
      "current_release_date": "2026-05-20T09:02:06+00:00",
      "generator": {
        "date": "2026-05-20T09:02:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2026:10702",
      "initial_release_date": "2026-04-27T02:00:56+00:00",
      "revision_history": [
        {
          "date": "2026-04-27T02:00:56+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-27T02:00:56+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-20T09:02:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.10.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "webkit2gtk3-0:2.52.3-1.el8_10.src",
                "product": {
                  "name": "webkit2gtk3-0:2.52.3-1.el8_10.src",
                  "product_id": "webkit2gtk3-0:2.52.3-1.el8_10.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
                "product": {
                  "name": "webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
                  "product_id": "webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
                "product": {
                  "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
                  "product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
                "product": {
                  "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
                  "product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
                "product": {
                  "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
                  "product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
                "product": {
                  "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
                  "product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
                "product": {
                  "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
                  "product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
                "product": {
                  "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
                  "product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
                "product": {
                  "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
                  "product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
                "product": {
                  "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
                  "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_10?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
                "product": {
                  "name": "webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
                  "product_id": "webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
                "product": {
                  "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
                  "product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
                "product": {
                  "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
                  "product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
                "product": {
                  "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
                  "product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
                "product": {
                  "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
                  "product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                "product": {
                  "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                  "product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                "product": {
                  "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                  "product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                "product": {
                  "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                  "product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                "product": {
                  "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                  "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_10?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "webkit2gtk3-0:2.52.3-1.el8_10.i686",
                "product": {
                  "name": "webkit2gtk3-0:2.52.3-1.el8_10.i686",
                  "product_id": "webkit2gtk3-0:2.52.3-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
                "product": {
                  "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
                  "product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
                "product": {
                  "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
                  "product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
                "product": {
                  "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
                  "product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
                "product": {
                  "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
                  "product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
                "product": {
                  "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
                  "product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
                "product": {
                  "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
                  "product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
                "product": {
                  "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
                  "product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
                "product": {
                  "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
                  "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_10?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
                "product": {
                  "name": "webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
                  "product_id": "webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
                "product": {
                  "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
                  "product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
                "product": {
                  "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
                  "product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
                "product": {
                  "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
                  "product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
                "product": {
                  "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
                  "product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
                "product": {
                  "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
                  "product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
                "product": {
                  "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
                  "product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
                "product": {
                  "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
                  "product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
                "product": {
                  "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
                  "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_10?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "webkit2gtk3-0:2.52.3-1.el8_10.s390x",
                "product": {
                  "name": "webkit2gtk3-0:2.52.3-1.el8_10.s390x",
                  "product_id": "webkit2gtk3-0:2.52.3-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
                "product": {
                  "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
                  "product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
                "product": {
                  "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
                  "product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
                "product": {
                  "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
                  "product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
                "product": {
                  "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
                  "product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
                "product": {
                  "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
                  "product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
                "product": {
                  "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
                  "product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
                "product": {
                  "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
                  "product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
                "product": {
                  "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
                  "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_10?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64"
        },
        "product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686"
        },
        "product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.i686",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le"
        },
        "product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x"
        },
        "product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-0:2.52.3-1.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src"
        },
        "product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.src",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64"
        },
        "product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64"
        },
        "product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686"
        },
        "product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le"
        },
        "product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x"
        },
        "product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64"
        },
        "product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64"
        },
        "product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686"
        },
        "product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le"
        },
        "product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x"
        },
        "product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64"
        },
        "product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64"
        },
        "product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686"
        },
        "product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le"
        },
        "product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x"
        },
        "product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64"
        },
        "product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64"
        },
        "product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686"
        },
        "product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le"
        },
        "product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x"
        },
        "product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        },
        "product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64"
        },
        "product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686"
        },
        "product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le"
        },
        "product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x"
        },
        "product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64"
        },
        "product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64"
        },
        "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686"
        },
        "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le"
        },
        "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x"
        },
        "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64"
        },
        "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64"
        },
        "product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686"
        },
        "product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le"
        },
        "product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x"
        },
        "product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64"
        },
        "product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64"
        },
        "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686"
        },
        "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le"
        },
        "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x"
        },
        "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        },
        "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-43213",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-18T20:07:22.054000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448781"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-43213"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448781",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-43213",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-43213"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0001.html"
        }
      ],
      "release_date": "2026-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
    },
    {
      "cve": "CVE-2025-43214",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-18T20:09:29.354000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448782"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-43214"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448782",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-43214",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-43214"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0001.html"
        }
      ],
      "release_date": "2026-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
    },
    {
      "cve": "CVE-2025-43457",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2026-03-18T20:13:39.977000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-43457"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-43457",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0001.html"
        }
      ],
      "release_date": "2026-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
    },
    {
      "cve": "CVE-2025-43511",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2026-03-18T20:14:54.262000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448787"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-43511"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448787",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-43511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0001.html"
        }
      ],
      "release_date": "2026-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
    },
    {
      "cve": "CVE-2025-46299",
      "cwe": {
        "id": "CWE-909",
        "name": "Missing Initialization of Resource"
      },
      "discovery_date": "2026-03-18T20:16:02.414000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-46299"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-46299",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46299"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0001.html"
        }
      ],
      "release_date": "2026-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app"
    },
    {
      "cve": "CVE-2026-20608",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-18T20:17:02.437000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448789"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-20608"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448789",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-20608",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0001.html"
        }
      ],
      "release_date": "2026-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
    },
    {
      "cve": "CVE-2026-20635",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-18T20:18:01.074000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448790"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-20635"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448790",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-20635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0001.html"
        }
      ],
      "release_date": "2026-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
    },
    {
      "cve": "CVE-2026-20636",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-18T20:19:05.331000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-20636"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-20636",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0001.html"
        }
      ],
      "release_date": "2026-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
    },
    {
      "cve": "CVE-2026-20643",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "discovery_date": "2026-03-30T12:26:44.043000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2453000"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-20643"
        },
        {
          "category": "external",
          "summary": "RHBZ#2453000",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-20643",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20643"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0002.html"
        }
      ],
      "release_date": "2026-03-28T20:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy"
    },
    {
      "cve": "CVE-2026-20644",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-18T20:20:25.753000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448792"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-20644"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448792",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-20644",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0001.html"
        }
      ],
      "release_date": "2026-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
    },
    {
      "cve": "CVE-2026-20652",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-18T20:21:51.189000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: A remote attacker may be able to cause a denial-of-service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue allows a remote attacker to cause a denial of service. Due to this reason, this flaw has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-20652"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-20652",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0001.html"
        }
      ],
      "release_date": "2026-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: A remote attacker may be able to cause a denial-of-service"
    },
    {
      "cve": "CVE-2026-20664",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-30T12:29:28.691000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2453001"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-20664"
        },
        {
          "category": "external",
          "summary": "RHBZ#2453001",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-20664",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20664"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0002.html"
        }
      ],
      "release_date": "2026-03-28T20:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
    },
    {
      "cve": "CVE-2026-20665",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "discovery_date": "2026-03-30T12:31:00.597000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2453002"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-20665"
        },
        {
          "category": "external",
          "summary": "RHBZ#2453002",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-20665",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20665"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0002.html"
        }
      ],
      "release_date": "2026-03-28T20:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
    },
    {
      "cve": "CVE-2026-20676",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "discovery_date": "2026-03-18T20:22:50.858000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448794"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: A website may be able to track users through Safari web extensions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to trick a user into visiting a malicious website. Due to this reason, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-20676"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448794",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-20676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0001.html"
        }
      ],
      "release_date": "2026-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not visit untrusted websites. Also, do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "webkitgtk: A website may be able to track users through Safari web extensions"
    },
    {
      "cve": "CVE-2026-20691",
      "cwe": {
        "id": "CWE-497",
        "name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
      },
      "discovery_date": "2026-03-30T12:32:51.727000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2453003"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-20691"
        },
        {
          "category": "external",
          "summary": "RHBZ#2453003",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-20691",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20691"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0002.html"
        }
      ],
      "release_date": "2026-03-28T20:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
    },
    {
      "cve": "CVE-2026-28857",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-30T12:34:50.919000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2453004"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-28857"
        },
        {
          "category": "external",
          "summary": "RHBZ#2453004",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-28857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28857"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0002.html"
        }
      ],
      "release_date": "2026-03-28T20:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
    },
    {
      "cve": "CVE-2026-28859",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-30T12:36:23.943000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2453006"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-28859"
        },
        {
          "category": "external",
          "summary": "RHBZ#2453006",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-28859",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28859"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0002.html"
        }
      ],
      "release_date": "2026-03-28T20:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox"
    },
    {
      "cve": "CVE-2026-28871",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2026-03-30T12:39:07.445000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2453008"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-28871"
        },
        {
          "category": "external",
          "summary": "RHBZ#2453008",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-28871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28871"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
          "url": "https://webkitgtk.org/security/WSA-2026-0002.html"
        }
      ],
      "release_date": "2026-03-28T20:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T02:00:56+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10702"
        },
        {
          "category": "workaround",
          "details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-28859 (GCVE-0-2026-28859)

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Solutions

Tags

Sightings

Nomenclature