WebKitGTK Vulnerabilities Allow Code Execution, DoS, Info Disclosure
Summary
CERT-Bund has issued a security advisory (WID-SEC-2026-0782) regarding multiple vulnerabilities in WebKitGTK, a web browser engine used across various operating systems. The vulnerabilities, with a CVSS Base Score of 8.8, can allow remote attackers to execute arbitrary code, cause denial-of-service conditions, or disclose sensitive information.
What changed
This advisory from CERT-Bund details critical vulnerabilities affecting open-source WebKitGTK versions prior to 2.44.0, 2.50.0, 2.50.2, 2.50.5, 2.50.6, and 2.52.0. The identified weaknesses, rated with a high CVSS Base Score of 8.8, enable remote, anonymous attackers to achieve code execution, trigger denial-of-service (DoS) states, or exfiltrate confidential information. The advisory notes that mitigation is available, and provides links to CVE information and version history.
Organizations utilizing WebKitGTK in their systems, particularly on UNIX-based operating systems or as part of other applications (like Safari on macOS/iOS), should prioritize updating to patched versions. Failure to do so could expose systems to significant security risks, including unauthorized code execution and data breaches. While no specific compliance deadline is stated, immediate patching is strongly recommended to mitigate these high-severity threats.
What to do next
- Update WebKitGTK to patched versions (>= 2.44.0, >= 2.50.0, etc.)
- Assess systems for potential exploitation of identified vulnerabilities
- Implement mitigation strategies as recommended by CERT-Bund
Archived snapshot
Mar 19, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-0782] WebKitGTK: Mehrere Schwachstellen CVSS Base Score 8.8 (hoch) CVSS Temporal Score 7.7 (hoch) Remoteangriff ja Datum 18.03.2026 Stand 19.03.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Sonstiges
- UNIX
Produktbeschreibung
WebKitGTK ist ein Webbrowser. Dieser nutzt die WebKit-Engine, die auch von Safari und vielen anderen Apps auf macOS, iOS und Linux verwendet wird.
Produkte
18.03.2026
- Open Source WebKitGTK <2.44.0
Open Source WebKitGTK <2.50.0
Open Source WebKitGTK <2.50.5
Open Source WebKitGTK <2.50.2
Open Source WebKitGTK <2.50.6
Open Source WebKitGTK <2.52.0
Angriff
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in WebKitGTK ausnutzen, um beliebigen Programmcode auszuführen, einen Denial-of-Service-Zustand auszulösen oder vertrauliche Informationen offenzulegen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Named provisions
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.