CVE-2026-58525

Microsoft · Microsoft Edge (Chromium-based)

Microsoft Edge (Chromium-based) contains an improper access control vulnerability that enables unauthenticated attackers to perform security feature bypasses.

Executive summary

An improper access control flaw in Microsoft Edge (Chromium-based) presents a high risk by allowing unauthorized attackers to bypass critical security features over the network.

Vulnerability

The vulnerability (CWE-284) involves improper access control that permits an unauthenticated attacker to circumvent security controls. This is typically triggered over a network, potentially allowing a malicious actor to gain unauthorized access or manipulate browser security contexts.

Business impact

Exploitation of this vulnerability could lead to the bypass of security mechanisms designed to protect user data and system integrity. With a CVSS score of 8.2, the risk of unauthorized access or escalation is significant, potentially resulting in data exfiltration or the compromise of local browser-based sessions.

Remediation

Immediate Action: Apply the latest security updates provided by Microsoft for the Edge browser as soon as they become available.

Proactive Monitoring: Review browser-related logs and network traffic for unusual patterns that might indicate attempts to trigger security feature bypasses.

Compensating Controls: Utilize endpoint protection software and enforce organizational policies that restrict the execution of untrusted web content.

Exploitation status

Public Exploit Available: False

Analyst recommendation

Microsoft Edge users are advised to ensure their browser is updated to version 150.0.4078.50 or higher. Organizations should verify that their automated update channels are active to mitigate this high-severity risk.