The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.
https://support.apple.com/en-us/126354
https://support.apple.com/en-us/126353
https://support.apple.com/en-us/126348
https://support.apple.com/en-us/126347
https://support.apple.com/en-us/126346
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-20652.json
https://bugzilla.redhat.com/show_bug.cgi?id=2448793
https://access.redhat.com/security/cve/CVE-2026-20652
https://access.redhat.com/errata/RHSA-2026:9692
https://access.redhat.com/errata/RHSA-2026:22136
https://access.redhat.com/errata/RHSA-2026:19535
https://access.redhat.com/errata/RHSA-2026:19206
https://access.redhat.com/errata/RHSA-2026:16695
https://access.redhat.com/errata/RHSA-2026:16056
https://access.redhat.com/errata/RHSA-2026:14659
https://access.redhat.com/errata/RHSA-2026:13845
https://access.redhat.com/errata/RHSA-2026:11814