CVE-2026-58290

Microsoft · Edge (Chromium-based)

A type confusion vulnerability in Microsoft Edge (Chromium-based) permits an unauthenticated attacker to execute code over a network, potentially impacting system integrity.

Executive summary

A high-severity type confusion vulnerability in Microsoft Edge (Chromium-based) could allow an unauthenticated attacker to achieve remote code execution.

Vulnerability

The vulnerability is a type confusion flaw (CWE-843) occurring within the browser's processing logic. An unauthenticated attacker may leverage this flaw over a network to influence the browser's execution flow.

Business impact

This vulnerability carries a CVSS score of 7.5, indicating a high risk of unauthorized system access or manipulation. If exploited, an attacker could gain elevated control over the browser session, leading to potential data compromise or further lateral movement within the network.

Remediation

Immediate Action: Apply the latest security updates provided by Microsoft to upgrade Edge to version 150.0.4078.48 or later.

Proactive Monitoring: Review browser logs and endpoint telemetry for patterns indicative of memory corruption or unusual browser behavior.

Compensating Controls: Utilize advanced threat protection tools that monitor for anomalous browser memory usage or suspicious script execution.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams must treat this update with high priority to mitigate the risk of exploitation. Users and administrators should ensure that automatic updates are enabled to receive the necessary security patches immediately upon release.