What is the CVSS score of CVE-2026-6761?

CVE-2026-6761 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Firefox are affected by CVE-2026-6761?

CVE-2026-6761 is a high-severity privilege escalation vulnerability in Firefox and Firefox ESR that allows remote attackers to gain unauthorized access to sensitive data and system functionality…. A patch is available.

Firefox CVE-2026-6761

EUVD-2026-24102 HIGH

Improper Privilege Management (CWE-269)

2026-04-21 mozilla

GHSA-5mff-cxq5-82jv

Privilege Escalation Red Hat Mozilla Suse

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 29, 2026 - 02:30 nvd

Patch available

Analysis Updated

Apr 22, 2026 - 00:37 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 21, 2026 - 21:22 vuln.today

cvss_changed

Severity Changed

Apr 21, 2026 - 21:22 NVD

MEDIUM HIGH

CVSS changed

Apr 21, 2026 - 21:22 NVD

6.5 (MEDIUM) 8.8 (HIGH)

Analysis Generated

Apr 21, 2026 - 18:24 vuln.today

CVSS changed

Apr 21, 2026 - 18:22 NVD

6.5 (MEDIUM)

EUVD ID Assigned

Apr 21, 2026 - 13:15 euvd

EUVD-2026-24102

Analysis Generated

Apr 21, 2026 - 13:15 vuln.today

CVE Published

Apr 21, 2026 - 12:40 nvd

HIGH 8.8

DescriptionNVD

Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

AnalysisAI

Remote attackers can escalate privileges in Firefox and Firefox ESR through a flaw in the Networking component when a user interacts with malicious content. The vulnerability affects Firefox versions prior to 150 and Firefox ESR versions prior to 140.10, allowing attackers with no initial privileges to achieve high impact on confidentiality, integrity, and availability. …

RemediationAI

Within 24 hours: Identify all Firefox and Firefox ESR instances in your environment and confirm current versions. Within 7 days: Deploy Firefox version 150 or later and Firefox ESR version 140.10 or later across all endpoints using your enterprise patch management system; prioritize machines with access to sensitive applications and data. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory