CVE Catalog

CVE-2026-2786

Critical
Published: Translated: NVD NIST

Summary

CVE-2026-2786 involves a use-after-free vulnerability in the JavaScript Engine component. It has been fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Risk Assessment

Exploitation of this vulnerability could lead to unauthorized memory access, potentially resulting in data leakage or execution of malicious code.

Recommendation

It is recommended to update to the latest versions of Firefox and Thunderbird to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS