What is the CVSS score of CVE-2026-4717?

CVE-2026-4717 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Red Hat are affected by CVE-2026-4717?

Organizations using the Netmonitor component. This vulnerability affects Firefox face critical risk from CVE-2026-4717 rated CVSS 9.8.. A patch is available.

Red Hat CVE-2026-4717

Q: How to fix or mitigate CVE-2026-4717?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

EUVD-2026-14849 CRITICAL

2026-03-24 mozilla

GHSA-pqfx-cwf8-965q

Privilege Escalation Red Hat Mozilla Suse

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 24, 2026 - 12:45 euvd

EUVD-2026-14849

Analysis Generated

Mar 24, 2026 - 12:45 vuln.today

CVE Published

Mar 24, 2026 - 12:30 nvd

CRITICAL 9.8

DescriptionNVD

Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.

AnalysisAI

Firefox's Netmonitor component contains a privilege escalation vulnerability that affects versions prior to 149 (ESR < 140.9), allowing unauthenticated attackers to gain elevated privileges through network-accessible attack vectors with no user interaction required. This critical flaw (CVSS 9.8) enables complete system compromise including confidentiality, integrity, and availability violations, with no patch currently available.

RemediationAI

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

Debian

firefox

Release	Status	Fixed Version	Urgency
sid	vulnerable	148.0.2-1	-
(unstable)	fixed	(unfixed)	-

firefox-esr

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	115.14.0esr-1~deb11u1	-
bullseye (security)	vulnerable	140.8.0esr-1~deb11u1	-
bookworm	vulnerable	128.14.0esr-1~deb12u1	-
bookworm (security)	vulnerable	140.8.0esr-1~deb12u1	-
trixie (security), trixie	vulnerable	140.8.0esr-1~deb13u1	-
forky, sid	vulnerable	140.8.0esr-1	-
(unstable)	fixed	(unfixed)	-

CVE-2026-4717 vulnerability details – vuln.today

Back

Red Hat CVE-2026-4717

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Debian

Share

External POC / Exploit Code