CVE Catalog

CVE-2026-8401

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

A sandbox escape vulnerability exists in the Profile Backup component of Firefox and Thunderbird. It is fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Risk Assessment

An attacker could exploit this flaw to break out of the sandbox, potentially accessing sensitive data or escalating privileges on the host system.

Recommendation

Immediately update Firefox to version 150.0.3 or later, Firefox ESR to 115.36/140.11, and Thunderbird to 140.11.

Original NVD description (English source)

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS