CVE-2026-57988

Microsoft · Edge (Chromium-based)

A relative path traversal vulnerability in Microsoft Edge (Chromium-based) allows an unauthenticated attacker to execute code over a network.

Executive summary

A high-severity relative path traversal vulnerability in Microsoft Edge (Chromium-based) could allow an unauthenticated attacker to execute arbitrary code.

Vulnerability

This vulnerability is a relative path traversal flaw, which allows an unauthenticated attacker to manipulate file paths, potentially leading to unauthorized code execution. The vulnerability is triggered over a network, posing a significant risk to affected systems.

Business impact

The ability for an unauthenticated attacker to execute code presents a critical risk to the confidentiality, integrity, and availability of the affected host. Given the CVSS score of 7.1, this vulnerability is classified as High and could lead to total system compromise if exploited successfully. Such incidents can result in severe data breaches, system downtime, and significant operational disruption.

Remediation

Immediate Action: Update Microsoft Edge to version 150.0.4078.48 or later immediately upon release to remediate the path traversal flaw.

Proactive Monitoring: Monitor system logs for unauthorized file access attempts or anomalous process execution originating from the browser.

Compensating Controls: Implement endpoint protection solutions that can detect and prevent unauthorized code execution and restrict browser access to sensitive file system directories.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Due to the risk of code execution, this update should be prioritized as a critical maintenance task. Organizations must verify that all workstations have applied the necessary security updates to prevent potential exploitation.