What is the CVSS score of CVE-2026-4718?

CVE-2026-4718 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Red Hat are affected by CVE-2026-4718?

CVE-2026-4718 presents notable security risk rated CVSS 8.1. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.. A patch is available.

Red Hat CVE-2026-4718

Q: How to fix or mitigate CVE-2026-4718?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

EUVD-2026-14851 HIGH

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior (CWE-758)

2026-03-24 mozilla

GHSA-9r85-xf24-6724

Information Disclosure Red Hat Mozilla Suse

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 24, 2026 - 12:45 euvd

EUVD-2026-14851

Analysis Generated

Mar 24, 2026 - 12:45 vuln.today

CVE Published

Mar 24, 2026 - 12:30 nvd

HIGH 8.1

DescriptionNVD

Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.

AnalysisAI

An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially leading to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. …

RemediationAI

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

Debian

firefox

Release	Status	Fixed Version	Urgency
sid	vulnerable	148.0.2-1	-
(unstable)	fixed	(unfixed)	-

firefox-esr

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	115.14.0esr-1~deb11u1	-
bullseye (security)	vulnerable	140.8.0esr-1~deb11u1	-
bookworm	vulnerable	128.14.0esr-1~deb12u1	-
bookworm (security)	vulnerable	140.8.0esr-1~deb12u1	-
trixie (security), trixie	vulnerable	140.8.0esr-1~deb13u1	-
forky, sid	vulnerable	140.8.0esr-1	-
(unstable)	fixed	(unfixed)	-

CVE-2026-4718 vulnerability details – vuln.today

Back