Race condition in Microsoft Edge - CVE-2026-55945

 

Race condition in Microsoft Edge - CVE-2026-55945

Published: July 15, 2026


Vulnerability identifier: #VU137807
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-55945
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Edge

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to a race condition in Microsoft Edge (Chromium-based) when using shared resources with improper synchronization. A local user can trigger concurrent execution to disclose sensitive information.

Successful exploitation requires crafting deceptive or invisible form elements and the user performing two sequential taps. Disclosed information may include file content, and the impact may extend beyond the vulnerable component's security scope.


How to mitigate CVE-2026-55945

Install security update from vendor's website.

Sources