SB2026071603 - Multiple vulnerabilities in Microsoft Edge



SB2026071603 - Multiple vulnerabilities in Microsoft Edge

Published: July 16, 2026

Security Bulletin ID SB2026071603
CSH Severity
High
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 36% Medium 36% Low 27%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 vulnerabilities.


1) Untrusted Pointer Dereference (CVE-ID: CVE-2026-58596)

CWE-ID: CWE-822 - Untrusted Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to elevate privileges.

The vulnerability exists due to untrusted pointer dereference in Microsoft Edge (Chromium-based) when rendering attacker-controlled web content. A remote attacker can host a specially crafted website and convince a user to visit it to escalate privileges.

Successful exploitation requires the user to visit the attacker-controlled webpage and perform two tap gestures that cause autofill to activate.


2) Race condition (CVE-ID: CVE-2026-55945)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to a race condition in Microsoft Edge (Chromium-based) when using shared resources with improper synchronization. A local user can trigger concurrent execution to disclose sensitive information.

Successful exploitation requires crafting deceptive or invisible form elements and the user performing two sequential taps. Disclosed information may include file content, and the impact may extend beyond the vulnerable component's security scope.


3) Heap-based buffer overflow (CVE-ID: CVE-2026-56645)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Edge (Chromium-based) when rendering crafted web content. A remote attacker can trick the victim into visiting a specially crafted website or opening a specially crafted URL to execute arbitrary code.

User interaction is required for exploitation.


4) Type Confusion (CVE-ID: CVE-2026-57975)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to type confusion in Microsoft Edge (Chromium-based) when processing crafted web content. A remote attacker can create a malicious webpage and induce the user to perform two tap gestures to execute arbitrary code.

User interaction is required, and successful exploitation depends on the victim visiting an attacker-controlled webpage and triggering autofill through two sequential taps.


5) Improper Authorization (CVE-ID: CVE-2026-57983)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass a security feature.

The vulnerability exists due to improper authorization in Microsoft Edge (Chromium-based) when rendering a specially crafted website. A remote attacker can host malicious content and trick a user into visiting it to bypass a security feature.

Successful exploitation requires deceptive or invisible form elements and two sequential taps by the user. An exploited vulnerability can affect resources beyond the security scope managed by the vulnerable component.


6) Use-after-free (CVE-ID: CVE-2026-57984)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Microsoft Edge (Chromium-based) when processing crafted web content. A remote attacker can host a specially crafted website and convince a user to visit it to execute arbitrary code.

User interaction is required, and exploitation requires the user to perform two sequential tap gestures that activate autofill.


7) Input validation error (CVE-ID: CVE-2026-57985)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in Microsoft Edge (Chromium-based) when rendering attacker-controlled web content. A remote attacker can host a specially crafted website and convince a user to visit it to execute arbitrary code.

User interaction is required, and exploitation may involve the user visiting an attacker-controlled webpage and performing gestures that activate autofill.


8) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-57987)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform spoofing.

The vulnerability exists due to server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) when rendering attacker-controlled web content. A remote attacker can host a specially crafted website and convince a user to visit it to perform spoofing.

User interaction is required. The user must visit the attacker-controlled webpage and perform two tap gestures that cause autofill to activate.


9) Path traversal (CVE-ID: CVE-2026-57988)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute code.

The vulnerability exists due to path traversal in Microsoft Edge (Chromium-based) when processing a specially crafted webpage or file. A remote attacker can host specially crafted content and convince a user to open it to execute code.

User interaction is required to visit the attacker-controlled webpage and perform the gestures that activate autofill, or to open a specially crafted file.


10) Use-after-free (CVE-ID: CVE-2026-57992)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Microsoft Edge (Chromium-based) when processing crafted web content. A remote attacker can host a specially crafted website and convince a user to visit it to execute arbitrary code.

User interaction is required, and successful exploitation requires the user to perform two sequential tap gestures that activate autofill.


11) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-57993)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform spoofing.

The vulnerability exists due to server-side request forgery in Microsoft Edge (Chromium-based) when rendering an attacker-controlled webpage. A remote attacker can host a specially crafted website and convince a user to visit it to perform spoofing.

User interaction is required, and the user must visit the attacker-controlled webpage and perform two tap gestures that activate autofill.


Remediation

Install update from vendor's website.