CVE-2026-58596
Microsoft · Microsoft Edge (Chromium-based)
An untrusted pointer dereference vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to potentially elevate privileges via a specifically crafted network interaction.
Executive summary
Microsoft Edge (Chromium-based) versions prior to 150.0.4078.48 are affected by an untrusted pointer dereference vulnerability that could allow an attacker to elevate privileges.
Vulnerability
The software fails to properly handle pointers, leading to an untrusted pointer dereference. This allows an unauthorized attacker to influence system behavior, potentially resulting in privilege escalation.
Business impact
While the CVSS score is 8.3, the potential for privilege escalation makes this a high-priority concern for endpoint security. Successful exploitation could allow an attacker to move from a standard user context to a higher privilege level, significantly increasing the risk of persistent malware installation or full system takeover.
Remediation
Immediate Action: Update Microsoft Edge to version 150.0.4078.48 or later through the browser's built-in update mechanism or via centralized deployment tools.
Proactive Monitoring: Review endpoint security logs for anomalous process execution patterns or signs of unexpected privilege escalation attempts.
Compensating Controls: Maintain robust endpoint protection platforms (EPP) to detect and block malicious code execution attempts arising from browser-based vulnerabilities.
Exploitation status
Public Exploit Available: No confirmed public weaponized exploit.
Analyst recommendation
Organizations should ensure that automatic updates for Microsoft Edge are enabled and enforced across the fleet. Given the potential for privilege escalation, patching should be treated with high urgency to protect against future weaponization of this vulnerability.