The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.
https://support.apple.com/en-us/126800
https://support.apple.com/en-us/126799
https://support.apple.com/en-us/126798
https://support.apple.com/en-us/126797
https://support.apple.com/en-us/126794
https://support.apple.com/en-us/126792
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28859.json
https://bugzilla.redhat.com/show_bug.cgi?id=2453006
https://access.redhat.com/security/cve/CVE-2026-28859
https://access.redhat.com/errata/RHSA-2026:9692
https://access.redhat.com/errata/RHSA-2026:22136
https://access.redhat.com/errata/RHSA-2026:19535
https://access.redhat.com/errata/RHSA-2026:19206
https://access.redhat.com/errata/RHSA-2026:16695
https://access.redhat.com/errata/RHSA-2026:16056
https://access.redhat.com/errata/RHSA-2026:14659
https://access.redhat.com/errata/RHSA-2026:13845
https://access.redhat.com/errata/RHSA-2026:11814