CVE Catalog

CVE-2026-2776

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

38th percentile - higher than 38% of all known CVEs

Summary

A sandbox escape vulnerability exists in the Telemetry component of external software due to incorrect boundary conditions. This flaw was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Risk Assessment

An attacker could exploit this vulnerability to break out of the sandbox, potentially gaining unauthorized access to the operating system and user data.

Recommendation

Immediately update Firefox to version 148 or later, ESR versions to 115.33 or 140.8, and Thunderbird to version 148 or 140.8.

Original NVD description (English source)

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS