CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component

Published February 24, 2026
Last update April 13, 2026

What the vulnerability does

Description

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Key dates

Disclosure timeline

February 24, 2026: CVE published
April 13, 2026: Record updated