CVE-2026-4725 - Vulnerability Analysis
CriticalCVSS: 10.0Last Updated: March 25, 2026
Firefox - Sandbox Escape
Published: March 24, 2026Updated: March 25, 2026Remote Exploitable
Overview
Firefox < 149 contains a use-after-free vulnerability caused by improper memory handling in the Graphics: Canvas2D component, letting attackers escape sandbox restrictions, exploit requires crafted content execution.
Severity & Score
Severity: Critical
CVSS Score: 10.0
EPSS Score: 1.1%(Probability of exploitation in next 30 days)
Impact
Attackers can escape sandbox restrictions, potentially leading to full system compromise.
Mitigation
Update to version 149 or later.
References
Social Media Activity(1 post)
TheHackerWire
@thehackerwire
š“ CVE-2026-4725 - Critical (10) Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149. š https://www.thehackerwire.com/vulnerability/CVE-2026-4725/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-4725
- Severity
- Critical
- CVSS Score
- 10.0
- Type
- use_after_free
- Status
- modified
- EPSS
- 1.1%
- Social Posts
- 1
CWE
- CWE-416
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
1.1%Probability of exploitation in the next 30 days