CVE-2026-2806 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: February 25, 2026
Firefox - Information Disclosure
Published: February 24, 2026Updated: February 25, 2026Remote Exploitable
Overview
Firefox < 148 contains an uninitialized memory vulnerability in the Graphics: Text component, letting attackers potentially access sensitive information, exploit requires no special privileges.
Severity & Score
Severity: Critical
CVSS Score: 9.1
EPSS Score: 4.3%(Probability of exploitation in next 30 days)
Impact
Attackers can access sensitive memory contents, potentially leading to information disclosure.
Mitigation
Update to Firefox version 148 or later.
References
Social Media Activity(1 post)
TheHackerWire
@thehackerwire
š“ CVE-2026-2806 - Critical (9.1) Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148. š https://www.thehackerwire.com/vulnerability/CVE-2026-2806/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-2806
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- undefined
- Status
- confirmed
- EPSS
- 4.3%
- Social Posts
- 1
CWE
- CWE-908
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
4.3%Probability of exploitation in the next 30 days