Critical Cordova Vulnerability Threatens iOS App Data Boundaries

Severe vulnerability CVE-2026-47430 in Apache Cordova's iOS InAppBrowser plugin allows untrusted web content to break out of the sandbox and trigger predictable host-app callbacks, enabling remote unauthenticated attackers to execute commands, spoof plugin results, and access sensitive device capabilities; versions 3.1.0 through 6.0.0 are affected and immediate upgrade to 6.0.1 (which adds validation) is recommended.