CVE Catalog

CVE-2026-4688

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

41th percentile - higher than 41% of all known CVEs

Summary

A sandbox escape vulnerability due to a use-after-free in the Disability Access APIs component. The flaw was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Risk Assessment

An attacker could exploit this vulnerability to break out of the browser sandbox, potentially leading to arbitrary code execution in the operating system context and full device compromise.

Recommendation

Immediately update Firefox to version 149 or later, and Firefox ESR to version 140.9 or later. For Thunderbird, update to version 149 or 140.9.

Original NVD description (English source)

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS