SB2026071603 - Multiple vulnerabilities in Microsoft Edge
Published: July 16, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 vulnerabilities.
1) Untrusted Pointer Dereference (CVE-ID: CVE-2026-58596)
CWE-ID: CWE-822 - Untrusted Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to elevate privileges.
The vulnerability exists due to untrusted pointer dereference in Microsoft Edge (Chromium-based) when rendering attacker-controlled web content. A remote attacker can host a specially crafted website and convince a user to visit it to escalate privileges.
Successful exploitation requires the user to visit the attacker-controlled webpage and perform two tap gestures that cause autofill to activate.
2) Race condition (CVE-ID: CVE-2026-55945)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to a race condition in Microsoft Edge (Chromium-based) when using shared resources with improper synchronization. A local user can trigger concurrent execution to disclose sensitive information.
Successful exploitation requires crafting deceptive or invisible form elements and the user performing two sequential taps. Disclosed information may include file content, and the impact may extend beyond the vulnerable component's security scope.
3) Heap-based buffer overflow (CVE-ID: CVE-2026-56645)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to heap-based buffer overflow in Microsoft Edge (Chromium-based) when rendering crafted web content. A remote attacker can trick the victim into visiting a specially crafted website or opening a specially crafted URL to execute arbitrary code.
User interaction is required for exploitation.
4) Type Confusion (CVE-ID: CVE-2026-57975)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to type confusion in Microsoft Edge (Chromium-based) when processing crafted web content. A remote attacker can create a malicious webpage and induce the user to perform two tap gestures to execute arbitrary code.
User interaction is required, and successful exploitation depends on the victim visiting an attacker-controlled webpage and triggering autofill through two sequential taps.
5) Improper Authorization (CVE-ID: CVE-2026-57983)
CWE-ID: CWE-285 - Improper Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass a security feature.
The vulnerability exists due to improper authorization in Microsoft Edge (Chromium-based) when rendering a specially crafted website. A remote attacker can host malicious content and trick a user into visiting it to bypass a security feature.
Successful exploitation requires deceptive or invisible form elements and two sequential taps by the user. An exploited vulnerability can affect resources beyond the security scope managed by the vulnerable component.
6) Use-after-free (CVE-ID: CVE-2026-57984)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to use-after-free in Microsoft Edge (Chromium-based) when processing crafted web content. A remote attacker can host a specially crafted website and convince a user to visit it to execute arbitrary code.
User interaction is required, and exploitation requires the user to perform two sequential tap gestures that activate autofill.
7) Input validation error (CVE-ID: CVE-2026-57985)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Microsoft Edge (Chromium-based) when rendering attacker-controlled web content. A remote attacker can host a specially crafted website and convince a user to visit it to execute arbitrary code.
User interaction is required, and exploitation may involve the user visiting an attacker-controlled webpage and performing gestures that activate autofill.
8) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-57987)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform spoofing.
The vulnerability exists due to server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) when rendering attacker-controlled web content. A remote attacker can host a specially crafted website and convince a user to visit it to perform spoofing.
User interaction is required. The user must visit the attacker-controlled webpage and perform two tap gestures that cause autofill to activate.
9) Path traversal (CVE-ID: CVE-2026-57988)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute code.
The vulnerability exists due to path traversal in Microsoft Edge (Chromium-based) when processing a specially crafted webpage or file. A remote attacker can host specially crafted content and convince a user to open it to execute code.
User interaction is required to visit the attacker-controlled webpage and perform the gestures that activate autofill, or to open a specially crafted file.
10) Use-after-free (CVE-ID: CVE-2026-57992)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to use-after-free in Microsoft Edge (Chromium-based) when processing crafted web content. A remote attacker can host a specially crafted website and convince a user to visit it to execute arbitrary code.
User interaction is required, and successful exploitation requires the user to perform two sequential tap gestures that activate autofill.
11) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-57993)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform spoofing.
The vulnerability exists due to server-side request forgery in Microsoft Edge (Chromium-based) when rendering an attacker-controlled webpage. A remote attacker can host a specially crafted website and convince a user to visit it to perform spoofing.
User interaction is required, and the user must visit the attacker-controlled webpage and perform two tap gestures that activate autofill.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-58596
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-55945
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-56645
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-57975
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-57983
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-57984
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-57985
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-57987
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-57988
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-57992
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-57993