CVE-2026-2766

CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component

Published February 24, 2026
Last update April 16, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Key dates

Disclosure timeline

February 24, 2026 CVE published
April 16, 2026 Record updated