Home / Vulnerability Intelligence / CVE-2026-2795

CVE-2026-2795 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 25, 2026

Firefox - Use After Free

Published: February 24, 2026Updated: February 25, 2026Remote Exploitable

Overview

Firefox < 148 contains a use-after-free vulnerability caused by improper memory management in the JavaScript GC component, letting attackers cause memory corruption or remote code execution, exploit requires crafted JavaScript execution.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 3.9%(Probability of exploitation in next 30 days)

Impact

Attackers can cause memory corruption or execute arbitrary code remotely, potentially compromising the system.

Mitigation

Update to version 148 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 26, 2026

🔴 CVE-2026-2795 - Critical (9.8) Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2795/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-2795
Severity: Critical
CVSS Score: 9.8
Type: use_after_free
Status: confirmed
EPSS: 3.9%
Social Posts: 1

CWE

CWE-416

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

3.9%Probability of exploitation in the next 30 days