Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-6760 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-6760 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-6760 is a mitigation bypass vulnerability in the Networking: Cookies component of Mozilla Firefox and Mozilla Thunderbird, affecting versions prior to Firefox 150 and Thunderbird 150.

Technical Detail

The flaw resides in how the Networking: Cookies component handles cookie-related security mitigations, allowing an attacker to circumvent protections that would otherwise restrict cookie access or manipulation. The precise bypass mechanism has not been fully disclosed, but mitigation bypass vulnerabilities of this class typically allow an attacker to leverage a crafted web resource or message to undermine controls such as SameSite enforcement, HttpOnly restrictions, or cookie isolation boundaries. With a CVSS score of 9.8, the assessed impact is severe, suggesting that successful exploitation could enable cross-site data access, session hijacking, or facilitate further attack chains against authenticated users.

Exploitation Status

No known exploit has been publicly documented for this vulnerability as of April 28, 2026. It is not listed in the CISA Known Exploited Vulnerabilities catalog. There is no confirmed proof-of-concept code or evidence of active exploitation in the wild at this time, though the critical severity rating warrants prompt remediation regardless.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence.

What To Do

Organizations should update Mozilla Firefox to version 150 or later and Mozilla Thunderbird to version 150 or later immediately, prioritizing internet-facing systems and endpoints used for authenticated web sessions. Given the critical CVSS score and the nature of a cookie mitigation bypass, environments where session integrity is critical, such as those handling financial, healthcare, or privileged administrative access, should treat this as a high-priority patch. Until patching is complete, consider enforcing network-level controls that restrict access to untrusted web content where feasible. Monitor for anomalous cookie-related activity or unexpected session behavior as a detection signal pending further technical disclosure.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →