CVE Catalog

CVE-2026-2768

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

28th percentile - higher than 28% of all known CVEs

Summary

A sandbox escape vulnerability exists in the Storage: IndexedDB component. This flaw was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Risk Assessment

An attacker can exploit this vulnerability to break out of the browser sandbox and gain access to the underlying operating system, potentially leading to full device compromise.

Recommendation

Immediately update Firefox to version 148 or later, Firefox ESR to version 140.8 or later, and Thunderbird to version 148 or 140.8.

Original NVD description (English source)

Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS