CVE-2026-2800 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: February 25, 2026
Firefox for Android - Spoofing
Published: February 24, 2026Updated: February 25, 2026Remote Exploitable
Overview
Firefox for Android < 148 contains a spoofing vulnerability in the WebAuthn component, letting attackers impersonate legitimate entities, exploit requires no special conditions.
Severity & Score
Severity: Critical
CVSS Score: 9.8
EPSS Score: 4.1%(Probability of exploitation in next 30 days)
Impact
Attackers can impersonate legitimate entities, potentially leading to unauthorized access or phishing attacks.
Mitigation
Update to Firefox for Android version 148 or later.
References
Social Media Activity(1 post)
TheHackerWire
@thehackerwire
š“ CVE-2026-2800 - Critical (9.8) Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148. š https://www.thehackerwire.com/vulnerability/CVE-2026-2800/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-2800
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- undefined
- Status
- confirmed
- EPSS
- 4.1%
- Social Posts
- 1
CWE
- NVD-CWE-noinfo
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
4.1%Probability of exploitation in the next 30 days