CVE Catalog
CVE-2026-4700
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.46%
36th percentile - higher than 36% of all known CVEs
Summary
A mitigation bypass vulnerability exists in the Networking: HTTP component. This flaw was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Risk Assessment
An attacker could exploit this vulnerability to bypass security protections, potentially leading to unauthorized data access or session hijacking.
Recommendation
Immediately update Firefox to version 149 or later, and Firefox ESR to version 140.9 or later. Also update Thunderbird to version 149 or 140.9 depending on the branch used.
Original NVD description (English source)
Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

