Home / Vulnerability Intelligence / CVE-2026-2796

CVE-2026-2796 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 25, 2026

Firefox - Undefined Vulnerability

Published: February 24, 2026Updated: February 25, 2026Remote Exploitable

Overview

Firefox < 148 contains a JIT miscompilation vulnerability in the JavaScript: WebAssembly component, letting attackers cause incorrect code execution or behavior, exploit requires crafted WebAssembly code.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 4.3%(Probability of exploitation in next 30 days)

Impact

Attackers can cause incorrect code execution or behavior, potentially leading to security bypass or crashes.

Mitigation

Update to Firefox version 148 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 26, 2026

🔴 CVE-2026-2796 - Critical (9.8) JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2796/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-2796
Severity: Critical
CVSS Score: 9.8
Type: undefined
Status: confirmed
EPSS: 4.3%
Social Posts: 1

CWE

CWE-843

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.3%Probability of exploitation in the next 30 days