CVE-2026-58293

Microsoft · Edge (Chromium-based)

External control of file paths in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Executive summary

A critical remote code execution vulnerability in Microsoft Edge allows unauthorized attackers to compromise affected systems via malicious file paths.

Vulnerability

The vulnerability stems from improper validation of file names or paths, permitting an unauthenticated, remote attacker to execute arbitrary code within the context of the application.

Business impact

A remote code execution (RCE) vulnerability is among the most severe security threats, as it allows an attacker to gain unauthorized control over the host system. Given the CVSS score of 8.1, this flaw could lead to a complete compromise of the workstation, unauthorized access to sensitive corporate data, and potential lateral movement within the network.

Remediation

Immediate Action: Prioritize the deployment of vendor security updates to address the underlying file path validation flaw.

Proactive Monitoring: Monitor endpoint process execution logs for unusual child processes originating from the web browser, which may indicate an exploitation attempt.

Compensating Controls: Utilize Web Application Firewalls (WAF) and endpoint detection and response (EDR) tools to detect and block malicious payloads before they can leverage the vulnerable file path handling.
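The child-process check described under Proactive Monitoring, sketched as an added example (not part of the original advisory or any vendor tooling). It runs over constructed process-creation events that use Sysmon Event ID 1 field names; the allow-list of normal Edge children, the host names and the version directory are assumptions to adapt to your environment.

```python
import ntpath  # Windows path rules, regardless of the OS running the check

BROWSER = "msedge.exe"
# Assumed baseline of children Edge normally spawns; tune it per environment.
ALLOWED_CHILDREN = {"msedge.exe", "identity_helper.exe"}
# Default Edge install directories (lower-cased for comparison).
EDGE_DIRS = (
    "c:\\program files (x86)\\microsoft\\edge\\application\\",
    "c:\\program files\\microsoft\\edge\\application\\",
)
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application"

# Constructed events (Sysmon Event ID 1 field names); hosts and version are made up.
SAMPLE_EVENTS = [
    {"host": "WS-001", "ParentImage": EDGE + r"\msedge.exe",
     "Image": EDGE + r"\msedge.exe"},
    {"host": "WS-002", "ParentImage": EDGE + r"\msedge.exe",
     "Image": EDGE + r"\1.2.3.4\identity_helper.exe"},
    {"host": "WS-003", "ParentImage": EDGE + r"\msedge.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"host": "WS-004", "ParentImage": EDGE + r"\msedge.exe",
     "Image": r"C:\Users\Public\msedge.exe"},
    {"host": "WS-005", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
]

def suspicious_children(events):
    """Return (host, child, reason) for browser-spawned processes off the baseline."""
    findings = []
    for ev in events:
        if ntpath.basename(ev["ParentImage"]).lower() != BROWSER:
            continue  # only processes whose parent is the browser are in scope
        image = ntpath.normpath(ev["Image"]).lower()
        child = ntpath.basename(image)
        if child not in ALLOWED_CHILDREN:
            reason = "unexpected child process"
        elif not image.startswith(EDGE_DIRS):
            # A familiar name running from elsewhere suggests masquerading.
            reason = "allowed name outside Edge install directory"
        else:
            continue
        findings.append((ev["host"], child, reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_children(SAMPLE_EVENTS):
        print(finding)
```
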

Exploitation status

Public Exploit Available: false

Analyst recommendation

The potential for remote code execution demands an immediate response. Administrators should proactively track the Microsoft security release schedule and apply the necessary patches to all endpoints to prevent system-level compromise.