A cross-origin issue in the Navigation API was addressed with improved input validation.

**iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), MacOS 26.3.2 (a)
Released March 17, 2026**

WebKit
Available for: iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, macOS 26.3.2

Impact: Processing maliciously crafted web content may bypass Same Origin Policy

Description: A cross-origin issue in the Navigation API was addressed with improved input validation.

WebKit Bugzilla: 306050

CVE-2026-20643: Thomas Espach