CVE-2026-58297

Microsoft · Edge (Chromium-based)

A vulnerability in Microsoft Edge for Android allows an unauthorized actor to disclose private personal information over a network.

Executive summary

A critical information exposure flaw in Microsoft Edge for Android permits unauthorized actors to access sensitive user data over the network.

Vulnerability

The application suffers from an improper exposure of private personal information (CWE-359). An unauthenticated attacker can abuse the browser's handling of data to obtain private personal information over the network without authorization.

Business impact

The exploitation of this vulnerability poses a High risk to data confidentiality, as reflected by the CVSS score of 7.1. Unauthorized access to personal information can lead to significant privacy breaches, regulatory non-compliance, and potential exploitation of the disclosed data for further malicious activities.

Remediation

Immediate Action: Update the Microsoft Edge for Android application to version 150.0.4078.48 or later to resolve the underlying security flaw.

Proactive Monitoring: Security teams should monitor for anomalous network traffic and unexpected outbound data transfers from mobile endpoints.

Compensating Controls: Utilize network-level traffic inspection and mobile endpoint security controls to detect and block suspicious data exfiltration attempts.
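To act on the remediation step above at fleet scale, a security team needs to know which Android devices still run a build older than 150.0.4078.48. The following Python script is an added example, not part of this advisory or of any Microsoft tooling: it parses the `versionName=` line that `adb shell dumpsys package <pkg>` prints and decides whether the installed build is below the fixed version. The package name `com.microsoft.emmx` and the sample `dumpsys` output are assumptions constructed for the example; only the fixed version comes from the advisory.

```python
import re

# Fixed version stated in the advisory.
FIXED_VERSION = "150.0.4078.48"

# Assumed package name for Microsoft Edge on Android (assumption, not from the advisory).
EDGE_PACKAGE = "com.microsoft.emmx"


def parse_version(version):
    """Turn '150.0.4078.48' into (150, 0, 4078, 48). Non-numeric suffixes are ignored."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group(0)) if m else 0)
    return tuple(parts)


def compare_versions(a, b):
    """Return -1, 0 or 1 like a classic comparator; shorter tuples are padded with zeros."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_vulnerable(installed_version):
    """True when the installed build is strictly older than the fixed version."""
    return compare_versions(installed_version, FIXED_VERSION) < 0


def extract_version_name(dumpsys_output):
    """Pull the versionName value out of 'dumpsys package' output; None if absent."""
    m = re.search(r"versionName=(\S+)", dumpsys_output)
    return m.group(1) if m else None


def assess_devices(reports):
    """Map device serial -> 'VULNERABLE', 'PATCHED' or 'NOT_INSTALLED' from per-device dumpsys text."""
    result = {}
    for serial, output in reports.items():
        version = extract_version_name(output)
        if version is None:
            result[serial] = "NOT_INSTALLED"
        else:
            result[serial] = "VULNERABLE" if is_vulnerable(version) else "PATCHED"
    return result


# Constructed sample output, in the shape 'adb -s <serial> shell dumpsys package com.microsoft.emmx'
# produces; the serials and versions are made up for the example.
SAMPLE_REPORTS = {
    "emulator-5554": "Packages:\n  Package [com.microsoft.emmx] (1a2b3c):\n    versionCode=150004078 minSdk=24\n    versionName=149.0.3999.10\n",
    "emulator-5556": "Packages:\n  Package [com.microsoft.emmx] (4d5e6f):\n    versionCode=150004078 minSdk=24\n    versionName=150.0.4078.48\n",
    "emulator-5558": "Unable to find package: com.microsoft.emmx\n",
}

if __name__ == "__main__":
    for serial, status in assess_devices(SAMPLE_REPORTS).items():
        print(f"{serial}: {status}")
```

In practice the `reports` dictionary is filled from real devices, for example by running `adb -s <serial> shell dumpsys package com.microsoft.emmx` for each serial listed by `adb devices`; the comparison is numeric per component, so a four-part build is never mistaken for newer merely because it sorts later as a string.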

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the High severity rating, it is imperative that users and organizations update their installations of Microsoft Edge for Android to the latest available version. Timely remediation is the most effective way to prevent the unauthorized disclosure of private information and maintain the security posture of the mobile environment.