Is CVE-2026-3909 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-3909 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-3909

CVSS 8.8. Out-of-bounds read/write in V8's JavaScript and WebAssembly engine. Arbitrary code execution via a crafted HTML page. All Chromium-based browsers affected — Chrome, Edge, Brave, Opera. Google confirmed active exploitation before the patch. The web's runtime engine has been actively compromised five times this year.

2026

What WebPulse reported · 1 analysis

Fifth Chrome Zero-Day of 2026. CVE-2026-11645 Hits V8 — the Engine Running Every Web Application and Every AI Agent's Browser. Actively Exploited in the Wild.

CVSS 8.8. Out-of-bounds read/write in V8's JavaScript and WebAssembly engine. Arbitrary code execution via a crafted HTML page. All Chromium-based browsers affe

June 16, 2026

View CVE-2026-3909 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657