CVE-2026-20676

MEDIUM5.3EPSS 0.05%

Published: 2/11/2026Modified: 5/8/2026

Description

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.

Affected packages (5)

Bitnami/javafrom 0, < 1.8.0, >= 1.9.0, < 8.0.491
Bitnami/java-minfrom 0, < 1.8.0, >= 1.9.0, < 8.0.491
Bitnami/jrefrom 0, < 1.8.0, >= 1.9.0, < 8.0.491
Debian/webkit2gtkfrom 0, < 2.50.6-1~deb11u1
Debian/wpewebkitfrom 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (6)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-20676
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2026-20676
WEBhttps://support.apple.com/en-us/126346
WEBhttps://support.apple.com/en-us/126348
WEBhttps://support.apple.com/en-us/126353
WEBhttps://support.apple.com/en-us/126354