CVE-2026-58296
Microsoft · Edge (Chromium-based)
Microsoft Edge for Android contains a vulnerability that allows an unauthorized actor to disclose private personal information over a network.
Executive summary
A vulnerability in Microsoft Edge for Android exposes user private information, posing a significant risk of data disclosure to unauthorized network actors.
Vulnerability
This vulnerability involves the exposure of private personal information (CWE-359). The flaw can be triggered by an unauthenticated attacker, potentially allowing the unauthorized disclosure of sensitive data over a network connection.
Business impact
Successful exploitation of this vulnerability could lead to the compromise of sensitive user information, potentially resulting in privacy violations and unauthorized access to personal data. With a CVSS score of 7.1, this represents a High severity risk that could lead to reputational damage and loss of user trust in the affected mobile application.
Remediation
Immediate Action: Update Microsoft Edge for Android to version 150.0.4078.48 or later via the Google Play Store as soon as the update becomes available.
Proactive Monitoring: Monitor network traffic for unusual patterns originating from mobile devices and review application access logs for unexpected data requests.
Compensating Controls: Ensure devices are managed via mobile device management (MDM) solutions to restrict sensitive data access and enforce application security policies.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this information disclosure vulnerability necessitates prompt action to protect user data. Administrators and individual users are strongly advised to verify their current version of Microsoft Edge for Android and apply the vendor-provided update immediately to mitigate the risk of unauthorized data exposure.
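The version check recommended above, as an added example that is not part of the original advisory or any vendor tooling: it flags devices whose Edge for Android build is below the fixed version 150.0.4078.48, comparing version fields numerically rather than as strings. The CSV layout (device_id, package, version) is a hypothetical MDM export, the sample rows are constructed, and com.microsoft.emmx is the Android package ID for Edge.

```python
import csv
import io

FIXED = (150, 0, 4078, 48)      # first fixed build, taken from the advisory
PACKAGE = "com.microsoft.emmx"  # Edge for Android package ID

# Constructed sample inventory; column names are an assumed MDM export format.
SAMPLE_INVENTORY = """device_id,package,version
pixel-001,com.microsoft.emmx,150.0.4078.48
pixel-002,com.microsoft.emmx,149.0.3990.112
galaxy-003,com.microsoft.emmx,150.0.4078.100
galaxy-004,com.microsoft.emmx,99.0.1150.38
tablet-005,com.microsoft.emmx,
tablet-006,com.android.chrome,150.0.1.1
tablet-007,com.microsoft.emmx,150.0.4078.9
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Compare field by field as integers; a plain string comparison would
    rank 150.0.4078.100 below 150.0.4078.48 and 99.x above 150.x."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"        # missing or malformed: check the device manually
    return "patched" if version >= FIXED else "needs_update"

def audit(inventory_csv):
    """Map device_id -> status for every row that reports the Edge package."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["package"] != PACKAGE:
            continue
        results[row["device_id"]] = classify(row["version"] or "")
    return results

if __name__ == "__main__":
    for device, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{device}: {status}")
```

Devices reported as unknown have no usable version string in the export and should be checked on the device itself.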