CVE-2022-22594

ENISA EUVD: EUVD-2022-27739 ↗
✓ Confirmed 0-Day
Triaged: March 20, 2026 14 articles Published: 2022-03-18
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.22%
probability
This CVE has a 0.22% probability of being exploited in the next 30 days.
0% Top 44.0th percentile of all CVEs 100%

CVSS v3.1

Source: NVD
6.5
MEDIUM
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2 (legacy)

4.3
MEDIUM
Access Vector
Network
Access Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
AV:N/AC:M/Au:N/C:P/I:N/A:N

Description

VulnerabilityLookup (CNA)
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.

Affected Products

Apple
iOS and iPadOS
unspecified
Apple
macOS
unspecified
Apple
tvOS
unspecified
Apple
tvOS
unspecified
Apple
watchOS
unspecified

Attack Intelligence

Signal Intelligence

Confidence
92%
EPSS 0.22%
CVSS v3.1 6.5
Mentions 14
Last Seen Dec 13, 2022

CNA Information

CNA Assigner
apple

Analyst Note

Multiple authoritative sources (BleepingComputer, TheHackerNews) explicitly confirm CVE-2022-22594 as a zero-day actively exploited in the wild against macOS and iOS devices, with Apple issuing emergency patches simultaneously. The timing and language ("actively exploited," "emergency patches") clearly indicate exploitation preceded or coincided with patch availability.

Triage Info

Decided atMar 20, 2026
Published DateMar 18, 2022