Is Android affected by CVE-2026-2794?

Firefox and Firefox Focus users on Android running versions below 148 are vulnerable to information disclosure through uninitialized memory access. This could expose sensitive user data cached in memory, potentially affecting employees using these browsers for work or personal use on mobile devices.

CVE-2026-2794

Q: How to fix CVE-2026-2794?

Within 24 hours: Issue security alert to all staff using Firefox/Firefox Focus on Android recommending immediate upgrade to version 148+; audit which corporate devices run affected versions. Within 7 days: Verify upgrade compliance through mobile device management (MDM) systems and establish enforcement policies. Within 30 days: Complete inventory of affected devices, document remediation status, and implement policy restricting Firefox/Focus on Android to version 148+ or later.

HIGH

2026-02-24 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch Released

Apr 10, 2026 - 08:30 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 24, 2026 - 14:16 nvd

HIGH 7.5

Description

Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability affects Firefox < 148.

Analysis

Uninitialized memory in Firefox and Firefox Focus for Android versions prior to 148 enables remote attackers to read sensitive data without authentication or user interaction. The vulnerability allows information disclosure through memory that was not properly cleared before use, potentially exposing confidential user information to network-based attackers.

Remediation

Within 24 hours: Issue security alert to all staff using Firefox/Firefox Focus on Android recommending immediate upgrade to version 148+; audit which corporate devices run affected versions. Within 7 days: Verify upgrade compliance through mobile device management (MDM) systems and establish enforcement policies. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

Vendor Status

CVE-2026-2794 vulnerability details – vuln.today

Back

CVE-2026-2794

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Share

CVE-2026-2794

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Share

External POC / Exploit Code