CVE-2026-58298
Microsoft · Edge (Chromium-based)
A cross-site scripting (XSS) vulnerability in Microsoft Edge allows an unauthenticated, remote attacker to perform spoofing attacks via network-based input manipulation.
Executive summary
A high-severity cross-site scripting vulnerability in Microsoft Edge (Chromium-based) could allow an unauthenticated attacker to conduct spoofing attacks against users.
Vulnerability
This vulnerability is a Cross-Site Scripting (XSS) flaw resulting from the improper neutralization of user-supplied input during web page generation. An unauthenticated attacker can exploit this via the network to execute malicious scripts in the context of the user's browser session.
Business impact
Exploitation of this vulnerability poses a significant risk to organizational security because it enables spoofing attacks that can lead to credential theft, session hijacking, or the delivery of malicious content to users. With a CVSS score of 7.2, the flaw is rated High severity, indicating a potential for meaningful impact on data integrity and user trust. Successful exploitation could result in reputational damage and unauthorized access to sensitive web applications accessed through the browser.
Remediation
Immediate Action: Update all Microsoft Edge installations to version 150.0.4078.48 or later as soon as the vendor provides the update package.
Proactive Monitoring: Monitor browser-based traffic and logs for suspicious script injections or unauthorized redirects that deviate from standard web behavior.
Compensating Controls: Deploy a robust Content Security Policy (CSP) and ensure Web Application Firewalls (WAF) are configured to detect and block common XSS payloads.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity of this XSS vulnerability, organizations should prioritize the deployment of the vendor's security update across all endpoints. Users should be advised to exercise caution when interacting with untrusted web content until the patch is applied.