CVE-2026-2797 - Vulnerability Analysis
Critical
CVSS: 9.8
Last Updated: February 25, 2026
Firefox - Use After Free
Published: February 24, 2026
Updated: February 25, 2026
Remote Exploitable
Overview
Firefox versions before 148 contain a use-after-free vulnerability caused by improper memory management in the JavaScript GC component. It lets attackers cause memory corruption or remote code execution. Exploitation requires crafted web content.
Severity & Score
Severity: Critical
CVSS Score: 9.8
EPSS Score: 3.9% (probability of exploitation in the next 30 days)
Impact
Attackers can cause memory corruption or execute arbitrary code remotely via crafted web content.
Mitigation
Update to Firefox version 148 or later.
Social Media Activity (1 post)
TheHackerWire
@thehackerwire
CVE-2026-2797 - Critical (9.8) Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. https://www.thehackerwire.com/vulnerability/CVE-2026-2797/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-2797
- Severity: Critical
- CVSS Score: 9.8
- Type: use_after_free
- Status: confirmed
- EPSS: 3.9%
- Social Posts: 1
CWE
- CWE-416
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
3.9% (probability of exploitation in the next 30 days)