Red Hat Linux OS and other open source products
Products by Red Hat Sorted by Most Security Vulnerabilities since 2018
| Product | Vulnerabilities since 2018 | Description |
|---|---|---|
| Red Hat Enterprise Linux Server | 1534 | Red Hat Enterprise Linux (RHEL) Server. Includes software bundled with RHEL Server. |
| Red Hat Enterprise Linux Workstation | 1504 | Red Hat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation. |
| Red Hat Enterprise Linux Desktop | 1493 | Red Hat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL Desktop. |
Recent Red Hat Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:6436 | (RHSA-2026:6436) Moderate: rsync security update | April 2, 2026 |
| RHSA-2026:5910 | (RHSA-2026:5910) OpenShift Container Platform 4.16.59 bug fix and security update | April 2, 2026 |
| RHSA-2026:6429 | (RHSA-2026:6429) Important: Multicluster Global Hub 1.4.5 security update | April 2, 2026 |
| RHSA-2026:6428 | (RHSA-2026:6428) Network Observability 1.11.1 for OpenShift | April 2, 2026 |
| RHSA-2026:6427 | (RHSA-2026:6427) Moderate: nginx:1.26 security update | April 2, 2026 |
| RHSA-2026:6408 | (RHSA-2026:6408) Moderate: nginx security update | April 1, 2026 |
| RHSA-2026:6404 | (RHSA-2026:6404) Red Hat Ansible Automation Platform 2.6 Container Release Update | April 1, 2026 |
| RHSA-2026:6396 | (RHSA-2026:6396) Important: freerdp security update | April 1, 2026 |
| RHSA-2026:6395 | (RHSA-2026:6395) Important: freerdp security update | April 1, 2026 |
| RHSA-2026:6391 | (RHSA-2026:6391) Moderate: mysql:8.4 security update | April 1, 2026 |
By the Year
In 2026 there have been 368 vulnerabilities in Red Hat with an average score of 7.1 out of ten. Last year, in 2025, Red Hat had 1102 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Red Hat in 2026 could surpass last year's number. The average CVE base score of the vulnerabilities in 2026 is also higher, by 0.52.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 368 | 7.06 |
| 2025 | 1102 | 6.54 |
| 2024 | 1678 | 6.55 |
| 2023 | 1206 | 6.75 |
| 2022 | 1362 | 6.97 |
| 2021 | 1123 | 6.61 |
| 2020 | 663 | 6.40 |
| 2019 | 771 | 6.98 |
| 2018 | 760 | 7.16 |
It may take a day or so for new Red Hat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-35094 | Apr 01, 2026 | Info Disclosure via Dangling Pointer in libinput Lua Plugin. A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor. | |
| CVE-2026-35093 | Apr 01, 2026 | Local Privilege Escalation via Lua Bytecode in libinput. A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location. | |
| CVE-2026-35092 | Apr 01, 2026 | Corosync Integer Overflow in UDP Join Validation (CVE-2026-35092). A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode. | |
| CVE-2026-35091 | Apr 01, 2026 | Corosync OOB Read via UDP in totemudp DoS. A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration. | |
| CVE-2026-5201 | Mar 31, 2026 | Heap-Based Buffer Overflow in gdk-pixbuf JPEG Loader Causing DoS. A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions. | |
| CVE-2026-5165 | Mar 30, 2026 | UAF on BLK Device Reset in virtio-win. A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system instability or unexpected behavior. | |
| CVE-2026-5164 | Mar 30, 2026 | virtio-win Unmap Parameter Validation Buffer Overrun DoS. A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. This can cause a system crash, resulting in a Denial of Service (DoS). | |
| CVE-2026-5121 | Mar 30, 2026 | Integer Overflow in libarchive zisofs Block Pointer on 32-bit. A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system. | |
| CVE-2026-5119 | Mar 30, 2026 | libsoup CONNECT Cookie Leak in HTTPS Tunnels. A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation. | |
| CVE-2026-28369 | Mar 27, 2026 | Undertow HTTP Request Smuggling via Leading-Space Header. A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized actions or data exposure. | And others... |
| CVE-2026-28367 | Mar 27, 2026 | Undertow Request Smuggling via `\r\r\r` Header Terminator (CVE-2026-28367). A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests. | And others... |
| CVE-2026-28368 | Mar 27, 2026 | Undertow Header Smuggling via Header Name Misparse. A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources. | And others... |
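The three Undertow entries above describe one precondition for request smuggling: a front-end proxy and the back-end parsing the same bytes into different headers. The Python below is an added example and is not Undertow's, Red Hat's or stack.watch's code. It puts a strict RFC 9112 header-block parser, which rejects a whitespace-prefixed header line, a bare-CR block terminator and a non-token field name, beside a deliberately lenient parser that models the behaviour the entries describe, and runs both over constructed sample requests. The lenient parser is an assumption for illustration, not derived from Undertow's source; the host name `app` and the sample requests are made up.

```python
import re

# RFC 9110 "token" characters: a field name must consist of these only.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Line terminators the lenient parser accepts (CRLF, bare CR, bare LF).
_ANY_EOL = re.compile(rb"\r\n|\r|\n")


class BadRequest(ValueError):
    """Raised by strict_parse for constructs a server should answer with 400."""


def strict_parse(raw: bytes):
    """Parse request-line and headers as RFC 9112 requires.

    Returns (request_line, [(name, value), ...], body). Rejects the three
    ambiguities the Undertow entries describe: a whitespace-prefixed header
    line, a header block not terminated by CRLF CRLF (bare CR or LF inside it),
    and a field name that is not a token (e.g. contains whitespace).
    """
    end = raw.find(b"\r\n\r\n")
    if end < 0:
        raise BadRequest("header block not terminated by CRLF CRLF")
    head, body = raw[:end], raw[end + 4:]
    stripped = head.replace(b"\r\n", b"")
    if b"\r" in stripped or b"\n" in stripped:
        raise BadRequest("bare CR or LF inside header block")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            raise BadRequest("whitespace-prefixed header line: %r" % line)
        name, sep, value = line.partition(b":")
        if not sep or not _TOKEN.match(name.decode("latin-1")):
            raise BadRequest("invalid field name: %r" % name)
        headers.append((name.decode("latin-1").lower(),
                        value.strip(b" \t").decode("latin-1")))
    return lines[0].decode("latin-1"), headers, body


def lenient_parse(raw: bytes):
    """Forgiving parser modelling the behaviour the entries describe.

    This is an assumption for illustration, not Undertow's code: it accepts
    CR CR CR as a block terminator, strips leading whitespace from the first
    header line, and trims whitespace inside field names.
    """
    end, tlen = -1, 0
    for term in (b"\r\n\r\n", b"\r\r\r"):
        i = raw.find(term)
        if i >= 0 and (end < 0 or i < end):
            end, tlen = i, len(term)
    if end < 0:
        raise BadRequest("no header block terminator found")
    head, body = raw[:end], raw[end + tlen:]
    lines = _ANY_EOL.split(head)
    if len(lines) > 1:
        lines[1] = lines[1].lstrip(b" \t")          # leading-space misparse
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip().decode("latin-1").lower(),  # name trim
                            value.strip().decode("latin-1")))
    return lines[0].decode("latin-1"), headers, body


def differential(raw: bytes) -> dict:
    """Run both parsers and report whether they disagree.

    A request the strict side rejects but the lenient side accepts is exactly
    the case in which a front-end proxy and a back-end can desynchronise.
    """
    try:
        strict, strict_err = strict_parse(raw), None
    except BadRequest as exc:
        strict, strict_err = None, str(exc)
    try:
        lenient, lenient_err = lenient_parse(raw), None
    except BadRequest as exc:
        lenient, lenient_err = None, str(exc)
    if strict is None or lenient is None:
        disagree = (strict is None) != (lenient is None)
    else:
        disagree = strict[1:] != lenient[1:]          # headers or body differ
    return {
        "strict_error": strict_err,
        "lenient_error": lenient_err,
        "lenient_headers": dict(lenient[1]) if lenient else None,
        "disagree": disagree,
    }


# Constructed sample requests (not captured traffic); "app" is a placeholder host.
SAMPLES = {
    "leading_space_first_header": b"POST / HTTP/1.1\r\n Content-Length: 4\r\nHost: app\r\n\r\nabcd",
    "cr_cr_cr_terminator":        b"POST / HTTP/1.1\r\nHost: app\r\nContent-Length: 4\r\r\rabcd",
    "space_in_field_name":        b"POST / HTTP/1.1\r\nHost: app\r\nContent-Length : 4\r\n\r\nabcd",
    "well_formed":                b"POST / HTTP/1.1\r\nHost: app\r\nContent-Length: 4\r\n\r\nabcd",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        r = differential(raw)
        cl = r["lenient_headers"].get("content-length") if r["lenient_headers"] else None
        print(f"{label:28s} disagree={r['disagree']!s:5s} strict={r['strict_error']!r} "
              f"lenient_content_length={cl!r}")
```

Running the block prints one line per sample: the well-formed request parses identically on both sides, while each of the other three is rejected by the strict parser yet yields a `Content-Length` of 4 from the lenient one. That disagreement is what a smuggling attack needs, which is why RFC 9112 tells a server to reject these constructs with 400 rather than normalise them.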
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-4948 | Mar 27, 2026 | Unprivileged User Can Modify Firewall State via D-Bus in firewalld. A flaw was found in firewalld. Two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings, are mis-authorized. This allows a local unprivileged user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations. | |
| CVE-2025-12805 | Mar 26, 2026 | Unauthorized Namespace Access via RHOAI Llama-Stack Operator - CVE-2025-12805. A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user's Llama Stack instance and potentially view or manipulate sensitive data. | |
| CVE-2026-0965 | Mar 26, 2026 | libssh Denial of Service via Arbitrary File Access during Config Parsing. A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file, or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try to access dangerous files, such as block devices or large system files, which can disrupt normal operations. | |
| CVE-2026-0967 | Mar 26, 2026 | libssh DoS via Regex Backtracking in match_pattern with Crafted Hostnames. A flaw was found in libssh. An attacker who controls client configuration files or known_hosts files could craft specific hostnames that, when processed by the `match_pattern()` function, lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client. | |
| CVE-2026-0968 | Mar 26, 2026 | libssh SFTP longname Null Check: Heap Over-Read -> DoS. A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can send a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. The missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes. | |
| CVE-2026-0964 | Mar 26, 2026 | SCP Client Path Traversal Allowing Local File Overwrite (CVE-2026-0964). A malicious SCP server can send unexpected paths that could make the client application overwrite local files outside of the working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific circumstances. This is the same issue as in OpenSSH, tracked as CVE-2019-6111. | |
| CVE-2026-0966 | Mar 26, 2026 | libssh ssh_get_hexa Zero-Length Leak Self-DoS via GSSAPI. The API function `ssh_get_hexa()` is vulnerable when zero-length input is provided to it. This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which are vulnerable to the same input (the length is provided by the calling application). The function is also used internally in the GSSAPI code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely when the server allows GSSAPI authentication and logging verbosity is set to at least SSH_LOG_PACKET (3). This could cause a self-DoS of the per-connection daemon process. | |
| CVE-2026-2100 | Mar 26, 2026 | CVE-2026-2100: Uninitialized Return in p11-kit C_DeriveKey DoS. A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application-level denial of service or other unpredictable system states. | |
| CVE-2026-2239 | Mar 26, 2026 | GIMP PSD Heap Buffer Overflow in fread_pascal_string Causes DoS. A flaw was found in GIMP. A heap buffer overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application-level Denial of Service. | |
| CVE-2026-2272 | Mar 26, 2026 | GIMP ICO Integer Overflow Vulnerability in ico_read_info. A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application-level denial of service. | |
| CVE-2026-2271 | Mar 26, 2026 | GIMP PSP Parser Integer Overflow Enables Heap OOB Write & DoS. A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application-level denial of service. | |
| CVE-2026-2436 | Mar 26, 2026 | Use-After-Free in libsoup SoupServer: TLS Crash & DoS. A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service. | |
| CVE-2026-3121 | Mar 26, 2026 | Keycloak Privilege Escalation via Misconfigured manage-clients as manage-permissions. A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level. | And others... |
| CVE-2026-3190 | Mar 26, 2026 | Keycloak UMA Permission Ticket Enumeration - CVE-2026-3190. A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This leads to partial information disclosure. | |
| CVE-2026-4897 | Mar 26, 2026 | polkit setuid Helper OOM DoS via Long stdin Input. A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system. | |
| CVE-2026-1961 | Mar 26, 2026 | Foreman WS Proxy Command Injection via Unsanitized Hostname. A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure. | And others... |
| CVE-2026-4887 | Mar 26, 2026 | GIMP PCX Loader Heap Buffer Over-Read Causing DoS (CVE-2026-4887). A flaw was found in GIMP. This issue is a heap buffer over-read in the GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS). | |
| CVE-2026-4874 | Mar 26, 2026 | Keycloak SSRF via client_session_host in Refresh Token. A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server's network context, potentially probing internal networks or internal APIs, leading to information disclosure. | And others... |
| CVE-2026-33526 | Mar 26, 2026 | Squid <7.5 Heap UAF DoS via ICP. Squid is a caching proxy for the Web. Prior to version 7.5, due to a heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using the ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure a non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch. | |
| CVE-2026-32748 | Mar 26, 2026 | Squid <7.5: ICP Handler Heap UAF -> DoS. Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of a resource during its expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using the ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure a non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5. | |
| CVE-2026-4371 | Mar 24, 2026 | Thunderbird <149 Vulnerable Parser Reads OOB via Malformed Mail (CVE-2026-4371). A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or the connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9. | |
| CVE-2026-3889 | Mar 24, 2026 | Thunderbird Email Client Spoofing Issue <149, <140.9. Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9. | |
| CVE-2026-4775 | Mar 24, 2026 | libtiff Signed Integer Overflow OOB Heap Write in putcontig8bitYCbCr44tile. A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution. | |
| CVE-2026-4721 | Mar 24, 2026 | Memory Safety Bugs in Firefox (ESR 115.33/140.8 & 148) prior to v149. Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4720 | Mar 24, 2026 | Mozilla Firefox <149 & ESR <140.9 Memory Corruption (Thunderbird). Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4719 | Mar 24, 2026 | Firefox Graphics: Text Boundary Condition Flaw (<149 / ESR <140.9). Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4718 | Mar 24, 2026 | Undefined Behavior in WebRTC Signaling of Firefox <149. Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4717 | Mar 24, 2026 | Privilege Escalation in Netmonitor of Firefox <149 / ESR <140.9. Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4716 | Mar 24, 2026 | Firefox <149 / ESR <140.9: JS Engine Uninitialized Memory. Incorrect boundary conditions and uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4715 | Mar 24, 2026 | Uninitialized Memory in Firefox Canvas2D Component <149 / ESR <140.9. Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4713 | Mar 24, 2026 | Firefox <149 Graphics Boundary Condition Flaw. Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4714 | Mar 24, 2026 | Firefox Audio/Video Boundary Condition Flaw (<149, ESR <140.9). Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4712 | Mar 24, 2026 | Firefox <149 Info Disclosure via Widget: Cocoa Component (CVE-2026-4712). Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4710 | Mar 24, 2026 | Firefox Audio/Video Boundary Condition Flaw (<149 / ESR <140.9). Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4711 | Mar 24, 2026 | Firefox <149 Use-After-Free in Widget: Cocoa Component. Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4709 | Mar 24, 2026 | Mozilla Firefox <149 Audio/Video: GMP Boundary Condition Vulnerability. Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4708 | Mar 24, 2026 | Firefox Graphics Boundary Flaw (<149, ESR <140.9). Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |
| CVE-2026-4707 | Mar 24, 2026 | Firefox <149 Canvas2D Boundary Condition Flaw (CVE-2026-4707). Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |