CVE-2026-58297
Microsoft · Edge (Chromium-based)
A vulnerability in Microsoft Edge for Android allows an unauthorized actor to disclose private personal information over a network.
Executive summary
A critical information exposure flaw in Microsoft Edge for Android permits unauthorized actors to access sensitive user data over the network.
Vulnerability
The application suffers from an improper exposure of private personal information (CWE-359). The browser mishandles private data in a way that lets an unauthenticated attacker obtain it over the network, resulting in unauthorized information disclosure.
Business impact
The exploitation of this vulnerability poses a High risk to data confidentiality, as reflected by the CVSS score of 7.1. Unauthorized access to personal information can lead to significant privacy breaches, regulatory non-compliance, and potential exploitation of the disclosed data for further malicious activities.
Remediation
Immediate Action: Update the Microsoft Edge for Android application to version 150.0.4078.48 or later to resolve the underlying security flaw.
Proactive Monitoring: Security teams should monitor for anomalous network traffic and unexpected outbound data transfers from mobile endpoints.
Compensating Controls: Utilize network-level traffic inspection and mobile endpoint security controls to detect and block suspicious data exfiltration attempts.
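The version check behind the "Immediate Action" item is easy to get wrong with plain string comparison ("99.0.1150.55" sorts above "150.0.4078.48" as text). The following added example, not part of this advisory, compares dotted build numbers numerically against the fixed version and flags unpatched devices in a constructed MDM inventory export; the column layout and the Edge for Android package name com.microsoft.emmx are assumptions.

```python
"""Flag Android endpoints whose Microsoft Edge build predates the fix for CVE-2026-58297."""

FIXED_VERSION = "150.0.4078.48"  # patched build named in the advisory

def parse_version(v: str) -> tuple[int, ...]:
    """Convert a dotted Chromium-style version to a tuple of ints so it compares numerically.
    Plain string comparison would rank '99.0.1150.55' above '150.0.4078.48'."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {v!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is strictly older than the fixed build."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so '150.0' and '150.0.0.0' compare equal
    b += (0,) * (width - len(b))
    return a < b

def find_unpatched(inventory: list[str]) -> list[tuple[str, str]]:
    """Inventory lines: '<device_id>,<package>,<versionName>' (assumed MDM export layout)."""
    hits = []
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        device, package, version = (f.strip() for f in line.split(","))
        if package != "com.microsoft.emmx":  # Edge for Android package name (assumed)
            continue
        try:
            if is_vulnerable(version):
                hits.append((device, version))
        except ValueError:
            hits.append((device, f"unparseable:{version}"))  # surface bad data, don't hide it
    return hits

# Constructed sample inventory, not real device data.
SAMPLE_INVENTORY = [
    "# device_id,package,versionName",
    "tab-001,com.microsoft.emmx,149.0.3995.75",
    "tab-002,com.microsoft.emmx,150.0.4078.48",
    "tab-003,com.microsoft.emmx,150.0.4078.120",
    "tab-004,com.android.chrome,150.0.7400.30",
    "tab-005,com.microsoft.emmx,99.0.1150.55",
]

if __name__ == "__main__":
    for device, version in find_unpatched(SAMPLE_INVENTORY):
        print(f"{device}: Edge {version} is below {FIXED_VERSION}, update required")
```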
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the High severity rating, it is imperative that users and organizations update their installations of Microsoft Edge for Android to the latest available version. Timely remediation is the most effective way to prevent the unauthorized disclosure of private information and maintain the security posture of the mobile environment.