CVE-2026-58596

Microsoft · Microsoft Edge (Chromium-based)

An untrusted pointer dereference vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to potentially elevate privileges via a specifically crafted network interaction.

Executive summary

Microsoft Edge (Chromium-based) versions prior to 150.0.4078.48 are affected by an untrusted pointer dereference vulnerability that could allow an attacker to elevate privileges.

Vulnerability

The software fails to properly handle pointers, leading to an untrusted pointer dereference. This allows an unauthorized attacker to influence system behavior, potentially resulting in privilege escalation.

Business impact

While the CVSS score is 8.3, the potential for privilege escalation makes this a high-priority concern for endpoint security. Successful exploitation could allow an attacker to move from a standard user context to a higher privilege level, significantly increasing the risk of persistent malware installation or full system takeover.

Remediation

Immediate Action: Update Microsoft Edge to version 150.0.4078.48 or later through the browser's built-in update mechanism or via centralized deployment tools.

Proactive Monitoring: Review endpoint security logs for anomalous process execution patterns or signs of unexpected privilege escalation attempts.

Compensating Controls: Maintain robust endpoint protection platforms (EPP) to detect and block malicious code execution attempts arising from browser-based vulnerabilities.

Exploitation status

Public Exploit Available: No confirmed public weaponized exploit.

Analyst recommendation

Organizations should ensure that automatic updates for Microsoft Edge are enabled and enforced across the fleet. Given the potential for privilege escalation, patching should be treated with high urgency to protect against future weaponization of this vulnerability.