CVE-2026-57991

Microsoft · Edge (Chromium-based)

An improper link resolution vulnerability in Microsoft Edge (Chromium-based) allows an unauthenticated, remote attacker to disclose sensitive information.

Executive summary

Improper link resolution before file access in Microsoft Edge permits unauthorized information disclosure, threatening the confidentiality of local and network data.

Vulnerability

This vulnerability involves improper link resolution before file access, often referred to as "link following." An unauthenticated, remote attacker can leverage this to bypass security boundaries and disclose information over a network.

Business impact

The exploitation of this flaw can result in the unauthorized disclosure of sensitive information, potentially including local file contents or restricted network data. With a CVSS score of 7.4, this vulnerability represents a significant risk to data privacy and regulatory compliance, as it allows attackers to gain visibility into information they are not permitted to access.

Remediation

Immediate Action: Update Microsoft Edge to version 150.0.4078.48 or higher as provided by the vendor.

Proactive Monitoring: Review browser and network access logs for anomalous file access patterns or unexpected cross-origin requests that could signify exploitation attempts.

Compensating Controls: Implement robust Endpoint Detection and Response (EDR) solutions to monitor for unauthorized file system access or suspicious browser behavior.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Information disclosure vulnerabilities of this nature can serve as a precursor to more complex attacks. Security teams should ensure that the latest browser updates are pushed to all endpoints immediately to mitigate the risk of unauthorized data exposure.