Home / Vulnerability Intelligence / CVE-2026-7321

CVE-2026-7321 - Vulnerability Analysis

CriticalCVSS: 9.6

Last Updated: April 29, 2026

Firefox ESR - Sandbox Escape

Published: April 28, 2026Updated: April 29, 2026Remote Exploitable

Overview

Firefox ESR < 140.10.1 contains a sandbox escape caused by incorrect boundary conditions in the WebRTC Networking component, letting attackers escape sandbox restrictions, exploit requires no special conditions.

Severity & Score

Severity: Critical

CVSS Score: 9.6

EPSS Score: 3.8%(Probability of exploitation in next 30 days)

Impact

Attackers can escape sandbox restrictions, potentially leading to full system compromise.

Mitigation

Update to Firefox ESR 140.10.1 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 28, 2026

🔴 CVE-2026-7321 - Critical (9.6) Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7321/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-7321
Severity: Critical
CVSS Score: 9.6
Type: sandbox_escape
Status: unconfirmed
EPSS: 3.8%
Social Posts: 1

CWE

CWE-120

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

3.8%Probability of exploitation in the next 30 days