CVE-2026-4696 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: March 24, 2026
Firefox - Use After Free
Published: March 24, 2026 | Updated: March 24, 2026 | Remote Exploitable
Overview
Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9 contain a use-after-free vulnerability in the Layout: Text and Fonts component. Attackers can cause memory corruption or remote code execution; exploitation requires crafted input.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can cause memory corruption or execute arbitrary code remotely, potentially leading to full system compromise.
Mitigation
Update to Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9 or later.
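An inventory check against the fixed versions listed above, as an added example that is not part of the original advisory. It assumes ESR builds are recorded with an `esr` suffix (or passed with an explicit `channel`), and it reports ESR branches the advisory does not list as `unknown` for manual review; the hostnames and versions are constructed.

```python
import re

# Fixed versions taken from the advisory text above.
FIXED_RELEASE = (149, 0)
FIXED_ESR = {115: (115, 34), 140: (140, 9)}  # ESR branch -> first fixed version

_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?$", re.IGNORECASE)

def parse_version(text):
    """Return ((major, minor, patch), has_esr_suffix) or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    nums = tuple(int(g) if g else 0 for g in m.group(1, 2, 3))
    return nums, m.group(4) is not None

def status(version, channel=None):
    """Classify as 'affected', 'fixed' or 'unknown'; channel is 'release' or 'esr'."""
    try:
        nums, esr_suffix = parse_version(version)
    except ValueError:
        return "unknown"
    if channel is None:
        # Assumption: the inventory marks ESR builds with an 'esr' suffix.
        channel = "esr" if esr_suffix else "release"
    if channel == "release":
        return "affected" if nums[:2] < FIXED_RELEASE else "fixed"
    fixed = FIXED_ESR.get(nums[0])
    if fixed is None:
        # ESR branch the advisory does not list: flag for manual review.
        return "unknown"
    return "affected" if nums[:2] < fixed else "fixed"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ws-001", "148.0.2"), ("ws-002", "149.0"), ("ws-003", "115.33.0esr"),
    ("ws-004", "115.34.0esr"), ("ws-005", "140.8.1esr"), ("ws-006", "140.9.0esr"),
    ("ws-007", "128.5.0esr"), ("ws-008", "nightly-build"),
]

def audit(inventory):
    """Return {host: status} for every (host, version) pair."""
    return {host: status(ver) for host, ver in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

The channel matters: `140.9.0` is fixed on the ESR channel but would count as affected if it were recorded as a release build, so an inventory that drops the suffix needs the `channel` argument set explicitly.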
Details
- CVE ID: CVE-2026-4696
- Severity: Critical
- CVSS Score: 9.8
- Type: use_after_free
- Status: confirmed
CWE
- CWE-416
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H