CVE-2026-2801

CVE-2026-2801: Incorrect boundary conditions in the JavaScript: WebAssembly component

Published February 24, 2026
Last update April 13, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Key dates

Disclosure timeline

February 24, 2026 CVE published
April 13, 2026 Record updated