CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 132 of 148
- CVE-2026-2764CRITICALCVSS 9.8EG 9.82026-02-24
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-2765CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-2766CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-2767CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-2769HIGHCVSS 8.8EG 8.82026-02-24
Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-2770CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-2772CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-27854MEDIUMCVSS 4.8EG 4.82026-03-31
An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS …
- CVE-2026-2786CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-2787CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-2789CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-27908HIGHCVSS 7.0EG 7.02026-04-14
Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.
- CVE-2026-27909HIGHCVSS 7.8EG 7.82026-04-14
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
- CVE-2026-27911HIGHCVSS 7.8EG 7.82026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
- CVE-2026-27915HIGHCVSS 7.8EG 7.82026-04-14
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
- CVE-2026-27916HIGHCVSS 7.8EG 7.82026-04-14
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
- CVE-2026-27917HIGHCVSS 7.0EG 7.02026-04-14
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.
- CVE-2026-27921HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- CVE-2026-27922HIGHCVSS 7.0EG 7.02026-04-14
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-27923HIGHCVSS 7.8EG 7.82026-04-14
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
- CVE-2026-27924HIGHCVSS 7.8EG 7.82026-04-14
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
- CVE-2026-27925MEDIUMCVSS 6.5EG 6.52026-04-14
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.
- CVE-2026-27926HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- CVE-2026-27927HIGHCVSS 7.8EG 7.82026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2026-2795CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- CVE-2026-2797HIGHCVSS 8.8EG 9.82026-02-24
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- CVE-2026-2798HIGHCVSS 8.8EG 8.82026-02-24
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- CVE-2026-2799CRITICALCVSS 9.8EG 9.82026-02-24
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- CVE-2026-2804MEDIUMCVSS 5.4EG 5.42026-02-24
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- CVE-2026-28387HIGHCVSS 8.1EG 8.12026-04-07
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary…
- CVE-2026-28529HIGHCVSS 8.5EG 8.52026-03-25
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/cryp…
- CVE-2026-28733MEDIUMCVSS 6.5EG 6.52026-05-19
in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution.
- CVE-2026-28857MEDIUMCVSS 6.5EG 6.52026-03-25
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2026-28859MEDIUMCVSS 4.3EG 4.32026-03-25
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web conten…
- CVE-2026-28883HIGHCVSS 7.5EG 7.52026-05-11
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may le…
- CVE-2026-28942MEDIUMCVSS 6.5EG 6.52026-05-11
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may le…
- CVE-2026-28946MEDIUMCVSS 6.5EG 6.52026-05-11
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
- CVE-2026-28947HIGHCVSS 8.8EG 8.82026-05-11
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may le…
- CVE-2026-28969HIGHCVSS 7.5EG 7.52026-05-11
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, wat…
- CVE-2026-28994MEDIUMCVSS 5.3EG 5.32026-05-11
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An a…
- CVE-2026-29167CRITICALCVSS 9.8EG 9.82026-06-08
Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.
- CVE-2026-31389HIGHCVSS 7.8EG 7.82026-04-03
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails d…
- CVE-2026-31396HIGHCVSS 7.8EG 7.82026-04-03
In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be accessed v…
- CVE-2026-31399HIGHCVSS 7.8EG 7.82026-04-03
In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if device_add() fails in nd_async_device_register()…
- CVE-2026-31408HIGHCVSS 8.8EG 8.82026-04-06
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold sco_recv_frame() reads conn->sk under sco_conn_lock() but immediately releases the lock w…
- CVE-2026-31419HIGHCVSS 7.8EG 7.82026-04-13
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bond_xmit_broadcast() bond_xmit_broadcast() reuses the original skb for the last slave (determined by bond_is_last_slave()) and clone…
- CVE-2026-31426HIGHCVSS 7.0EG 7.02026-04-13
In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() When ec_install_handlers() returns -EPROBE_DEFER on reduced-hardware platforms, it has already started th…
- CVE-2026-31444CRITICALCVSS 9.8EG 9.82026-04-22
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() smb_grant_oplock() has two issues in the oplock publication sequence: 1) opinfo is linked into ci->m_op_l…
- CVE-2026-31446HIGHCVSS 7.8EG 7.82026-04-22
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in update_super_work when racing with umount Commit b98535d09179 ("ext4: fix bug_on in start_this_handle during umount filesystem") moved ext4_u…
- CVE-2026-31454HIGHCVSS 7.8EG 7.82026-04-22
In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping the AIL lock in push callbacks In xfs_inode_item_push() and xfs_qm_dquot_logitem_push(), the AIL lock is dropped to perform buffer IO. Onc…
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →