CVE-2026-2805 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: February 25, 2026
Firefox - Undefined Vulnerability
Published: February 24, 2026Updated: February 25, 2026Remote Exploitable
Overview
Firefox < 148 contains a pointer vulnerability caused by invalid pointer handling in the DOM Core & HTML component, letting attackers potentially cause undefined impact, exploit requires crafted input.
Severity & Score
Severity: Critical
CVSS Score: 9.8
EPSS Score: 4.3%(Probability of exploitation in next 30 days)
Impact
Attackers can exploit invalid pointer handling to cause undefined impact.
Mitigation
Update to version 148 or later.
References
Social Media Activity(1 post)
TheHackerWire
@thehackerwire
š“ CVE-2026-2805 - Critical (9.8) Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. š https://www.thehackerwire.com/vulnerability/CVE-2026-2805/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-2805
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- undefined
- Status
- confirmed
- EPSS
- 4.3%
- Social Posts
- 1
CWE
- NVD-CWE-noinfo
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
4.3%Probability of exploitation in the next 30 days