CVE Catalog

CVE-2026-8094

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.45%

36th percentile — higher than 36% of all known CVEs

Summary

An unspecified vulnerability was found in the WebRTC component of Firefox and Thunderbird. The flaw was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.

Risk Assessment

The vulnerability could allow an attacker to execute arbitrary code or compromise data confidentiality during WebRTC communications, posing a risk to user security.

Recommendation

Immediately update Firefox ESR to version 140.10.2 or later and Thunderbird to version 140.10.2 or later.

Original NVD description (English source)

Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS