CVE-2026-2776
CriticalCVSS 10.0Exploitation Probability (EPSS)
Low risk38th percentile - higher than 38% of all known CVEs
Summary
A sandbox escape vulnerability exists in the Telemetry component of external software due to incorrect boundary conditions. This flaw was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Risk Assessment
An attacker could exploit this vulnerability to break out of the sandbox, potentially gaining unauthorized access to the operating system and user data.
Recommendation
Immediately update Firefox to version 148 or later, ESR versions to 115.33 or 140.8, and Thunderbird to version 148 or 140.8.
Original NVD description (English source)
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

