Home / Vulnerability Intelligence / CVE-2026-2807

CVE-2026-2807 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 25, 2026

Mozilla Firefox - Remote Code Execution

Published: February 24, 2026Updated: February 25, 2026Remote Exploitable

Overview

Mozilla Firefox < 148 contains memory safety bugs caused by memory corruption, letting attackers potentially execute arbitrary code, exploit requires successful memory corruption.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 4.3%(Probability of exploitation in next 30 days)

Impact

Attackers can exploit memory corruption to execute arbitrary code, potentially leading to full system compromise.

Mitigation

Update to version 148 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 26, 2026

🔴 CVE-2026-2807 - Critical (9.8) Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2807/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-2807
Severity: Critical
CVSS Score: 9.8
Type: undefined
Status: modified
EPSS: 4.3%
Social Posts: 1

CWE

CWE-787

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.3%Probability of exploitation in the next 30 days