WebKitGTK Vulnerability Allows Remote Information Disclosure
Summary
CERT-Bund issued advisory WID-SEC-2026-1262 warning of a medium-severity vulnerability in WebKitGTK, the open-source browser engine used by Safari and many applications on macOS, iOS, and Linux. The flaw carries a CVSS Base Score of 4.7 and enables a remote, anonymous attacker to exploit the vulnerability to disclose information. The advisory was published on 23 April 2026 with an update on 24 April 2026, and no mitigation measures are currently available.
“Ein entfernter, anonymer Angreifer kann eine Schwachstelle in WebKitGTK ausnutzen, um Informationen offenzulegen.”
About this source
CERT-Bund is the German federal cybersecurity agency's incident response team, run by the BSI. Their advisory feed publishes vulnerability disclosures and active exploitation warnings for software in widespread enterprise use: VPN appliances, email servers, file transfer products, ERP systems, browsers, hypervisors. Around 280 advisories a month, each with a CVSS score, affected versions, and remediation guidance. The advisories are written in German but cover the same vulnerabilities that show up in CISA, NCSC-UK, and JPCERT bulletins, often hours earlier. Watch this if you patch enterprise software, run a SOC, or write detection rules. GovPing publishes each advisory with the affected vendor, CVSS score, and original CERT-Bund link.
What changed
CERT-Bund published a security advisory disclosing a vulnerability in WebKitGTK, a widely-used open-source browser engine underlying Safari and numerous applications across macOS, iOS, and Linux platforms. The vulnerability, with a CVSS Base Score of 4.7 (medium) and Temporal Score of 4.3, permits a remote, anonymous attacker to exploit the flaw to disclose information. No vendor-provided mitigation is currently available.
Organisations running WebKitGTK-based software should monitor for security updates from upstream maintainers. IT security teams should track upstream WebKitGTK release notes and apply patches promptly once available. This advisory does not mandate specific remediation timelines or contain penalty provisions.
Archived snapshot
Apr 24, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1262] WebKitGTK: Schwachstelle ermöglicht Offenlegung von Informationen CVSS Base Score 4.7 (mittel) CVSS Temporal Score 4.3 (mittel) Remoteangriff ja Datum 23.04.2026 Stand 24.04.2026 Mitigation nein
Betroffene Systeme
Betriebssystem
- Sonstiges
- UNIX
Produktbeschreibung
WebKitGTK ist ein Webbrowser. Dieser nutzt die WebKit-Engine, die auch von Safari und vielen anderen Apps auf macOS, iOS und Linux verwendet wird.
Produkte
23.04.2026
- Open Source WebKitGTK
Angriff
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in WebKitGTK ausnutzen, um Informationen offenzulegen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.