CVE-2026-2798 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: February 25, 2026
Firefox - Use After Free
Published: February 24, 2026Updated: February 25, 2026Remote Exploitable
Overview
Firefox < 148 contains a use-after-free vulnerability caused by improper memory management in the DOM Core & HTML component, letting attackers cause memory corruption or remote code execution, exploit requires crafted web content.
Severity & Score
Severity: High
CVSS Score: 8.8
EPSS Score: 3.9%(Probability of exploitation in next 30 days)
Impact
Attackers can cause memory corruption or execute arbitrary code remotely via crafted web content.
Mitigation
Update to version 148 or later.
References
Social Media Activity(1 post)
TheHackerWire
@thehackerwire
š CVE-2026-2798 - High (8.8) Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. š https://www.thehackerwire.com/vulnerability/CVE-2026-2798/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-2798
- Severity
- High
- CVSS Score
- 8.8
- Type
- use_after_free
- Status
- confirmed
- EPSS
- 3.9%
- Social Posts
- 1
CWE
- CWE-416
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
3.9%Probability of exploitation in the next 30 days