CVE-2026-57988
Microsoft · Edge (Chromium-based)
A relative path traversal vulnerability in Microsoft Edge (Chromium-based) allows an unauthenticated attacker to execute code over a network.
Executive summary
A high-severity relative path traversal vulnerability in Microsoft Edge (Chromium-based) could allow an unauthenticated attacker to execute arbitrary code.
Vulnerability
This vulnerability is a relative path traversal flaw, which allows an unauthenticated attacker to manipulate file paths, potentially leading to unauthorized code execution. The vulnerability is triggered over a network, posing a significant risk to affected systems.
Business impact
The ability for an unauthenticated attacker to execute code presents a critical risk to the confidentiality, integrity, and availability of the affected host. Given the CVSS score of 7.1, this vulnerability is classified as High and could lead to total system compromise if exploited successfully. Such incidents can result in severe data breaches, system downtime, and significant operational disruption.
Remediation
Immediate Action: Update Microsoft Edge to version 150.0.4078.48 or later immediately upon release to remediate the path traversal flaw.
Proactive Monitoring: Monitor system logs for unauthorized file access attempts or anomalous process execution originating from the browser.
Compensating Controls: Implement endpoint protection solutions that can detect and prevent unauthorized code execution and restrict browser access to sensitive file system directories.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Due to the risk of code execution, this update should be prioritized as a critical maintenance task. Organizations must verify that all workstations have applied the necessary security updates to prevent potential exploitation.