Home / Vulnerability Intelligence / CVE-2026-4718

CVE-2026-4718 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 25, 2026

Firefox - Undefined Behavior

Published: March 24, 2026Updated: March 25, 2026Remote Exploitable

Overview

Firefox < 149 and Firefox ESR < 140.9 contain an undefined behavior vulnerability in the WebRTC Signaling component, potentially allowing attackers to cause unexpected behavior, exploit requires unspecified conditions.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Attackers may cause unexpected behavior or instability in the application, potentially leading to denial of service or other impacts.

Mitigation

Update to Firefox 149 and Firefox ESR 140.9 or later.

References

https://www.mozilla.org/security/advisories/mfsa2026-20/
https://www.mozilla.org/security/advisories/mfsa2026-22/
https://www.mozilla.org/security/advisories/mfsa2026-23/
https://www.mozilla.org/security/advisories/mfsa2026-24/
https://bugzilla.mozilla.org/show_bug.cgi?id=2014864

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-4718
Severity: High
CVSS Score: 8.1
Type: undefined
Status: confirmed

CWE

CWE-758

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N