Improper Authorization in Microsoft Edge - CVE-2026-57983

 

Improper Authorization in Microsoft Edge - CVE-2026-57983

Published: July 15, 2026


Vulnerability identifier: #VU137810
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-57983
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Edge

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass a security feature.

The vulnerability exists due to improper authorization in Microsoft Edge (Chromium-based) when rendering a specially crafted website. A remote attacker can host malicious content and trick a user into visiting it to bypass a security feature.

Successful exploitation requires deceptive or invisible form elements and two sequential taps by the user. An exploited vulnerability can affect resources beyond the security scope managed by the vulnerable component.


How to mitigate CVE-2026-57983

Install security update from vendor's website.

Sources