CVE-2024-40866

Advisory lineage Upstream: 0 Downstream: 17

Downstream

DEBIAN-CVE-2024-40866 DLA-3961-1 DSA-5792-1 RHSA-2024:8180 RHSA-2024:9553 RHSA-2024:9636

Modified

Published: 16 Sept 2024, 23:22

Last modified:02 Apr 2026, 18:12

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

v3.1 (cve.org)

EPSS Score

0.09% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Sept 2024, 23:22

Published

Vulnerability first disclosed

02 Apr 2026, 18:12

Last Modified

Vulnerability information updated

Description

The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.

CVSS Metrics

v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Trends

Current EPSS score: 0.09%• Percentile: 26%

Affected Systems

apple•macos
≥ unspecified, < 15 | < 15.0 | < 15
apple•safari
≥ unspecified, < 18 | < 18.0 | < 18

References (5)

https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121241
https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html
http://seclists.org/fulldisclosure/2024/Sep/37
http://seclists.org/fulldisclosure/2024/Sep/33