What is the CVSS score of EUVD-2026-24089?

EUVD-2026-24089 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Firefox are affected by EUVD-2026-24089?

CVE-2026-6748 is a critical remote code execution vulnerability in Firefox's Web Codecs API that allows unauthenticated attackers to execute arbitrary code and exfiltrate data through network access…. A patch is available.

Firefox EUVD-2026-24089

| CVE-2026-6748 CRITICAL

Use of Uninitialized Variable (CWE-457)

2026-04-21 mozilla

GHSA-75xc-fv5m-pprr

Information Disclosure Red Hat Mozilla Suse

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 29, 2026 - 02:30 nvd

Patch available

Analysis Updated

Apr 22, 2026 - 00:29 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 22, 2026 - 00:22 vuln.today

cvss_changed

Analysis Generated

Apr 21, 2026 - 19:22 vuln.today

CVSS changed

Apr 21, 2026 - 19:22 NVD

9.8 (CRITICAL)

EUVD ID Assigned

Apr 21, 2026 - 13:15 euvd

EUVD-2026-24089

Analysis Generated

Apr 21, 2026 - 13:15 vuln.today

CVE Published

Apr 21, 2026 - 12:40 nvd

CRITICAL 9.8

DescriptionNVD

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

AnalysisAI

Uninitialized memory access in Firefox's Web Codecs API enables remote code execution without authentication. Attackers can exploit this CWE-457 (Use of Uninitialized Variable) flaw through network-accessible vectors with low complexity (AV:N/AC:L/PR:N/UI:N) to achieve complete system compromise including data exfiltration, arbitrary code execution, and denial of service. …

RemediationAI

Within 24 hours: Inventory all Firefox installations across the organization and disable Firefox or restrict its use to isolated environments. Within 7 days: Deploy Firefox 150 (or Firefox ESR 140.10 for ESR users) to all endpoints via patch management tools; verify successful installation on at least 95% of systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory