CVE Catalog
CVE-2026-12329
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.31%
23th percentile — higher than 23% of all known CVEs
Summary
A memory safety bug was fixed in Thunderbird ESR 140.12. This vulnerability was also patched in Firefox ESR 140.12 and Thunderbird 140.12.
Risk Assessment
The flaw could allow remote code execution or data leakage via memory corruption.
Recommendation
Immediately update Thunderbird to version 140.12 or later.
Original NVD description (English source)
Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.

