CVE Catalog

CVE-2026-4700

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.46%

36th percentile - higher than 36% of all known CVEs

Summary

A mitigation bypass vulnerability exists in the Networking: HTTP component. This flaw was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Risk Assessment

An attacker could exploit this vulnerability to bypass security protections, potentially leading to unauthorized data access or session hijacking.

Recommendation

Immediately update Firefox to version 149 or later, and Firefox ESR to version 140.9 or later. Also update Thunderbird to version 149 or 140.9 depending on the branch used.

Original NVD description (English source)

Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS