What is CVE-2026-41431?

CVE-2026-41431 is a high-severity vulnerability in Zen-browser Desktop, classified under Improper Verification of Cryptographic Signature. CVSS score: 8.0/10. Published 2026-05-11.

How severe is CVE-2026-41431?

High severity. CVSS v3 base score is 8.0 out of 10.

Vulnerability in Zen-browser Desktop

CVE-2026-41431

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The M…

EPSS: 0.000 (6.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Zen-browser Desktop — versions < 1.19.9b

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-41431?: CVE-2026-41431 is a high-severity vulnerability in Zen-browser Desktop, classified under Improper Verification of Cryptographic Signature. CVSS score: 8.0/10. Published 2026-05-11.
How severe is CVE-2026-41431?: High severity. CVSS v3 base score is 8.0 out of 10.