What is the CVSS score of CVE-2026-8092?

CVE-2026-8092 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Mozilla Firefox are affected by CVE-2026-8092?

Mozilla Firefox versions 150.0.1, 140.10.1, and 115.35.1 contain critical memory corruption vulnerabilities in the rendering engine that could allow remote code execution if a user visits a malicious…. A patch is available.

Mozilla Firefox CVE-2026-8092

EUVD-2026-28363 HIGH

Out-of-bounds Read (CWE-125)

2026-05-07 mozilla

GHSA-2ch8-2mw7-grmm

RCE Buffer Overflow Information Disclosure Mozilla

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 08, 2026 - 15:23 vuln.today

CVSS changed

May 08, 2026 - 15:22 NVD

8.1 (HIGH)

CVE Published

May 07, 2026 - 12:45 nvd

UNKNOWN (no severity yet)

CVE Published

May 07, 2026 - 12:45 nvd

HIGH 8.1

DescriptionNVD

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, and Firefox ESR 115.35.2.

AnalysisAI

Multiple memory corruption vulnerabilities in Mozilla Firefox allow remote code execution through browser rendering engine flaws. Firefox ESR 115.35.1, Firefox ESR 140.10.1, and Firefox 150.0.1 contain memory safety bugs with evidence of memory corruption that could enable arbitrary code execution. …

RemediationAI

Within 24 hours: Inventory all Firefox deployments and identify users running versions 150.0.1, 140.10.1, or 115.35.1. Within 7 days: Deploy Firefox 150.0.2 (standard release), Firefox ESR 140.10.2 (Extended Support Release), and Firefox ESR 115.35.2 (ESR legacy) through patch management or auto-update configuration. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

Vendor StatusVendor

CVE-2026-8092 vulnerability details – vuln.today

Back

Mozilla Firefox CVE-2026-8092

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code