Skip to main content

Edge Chromium CVE-2026-21223

HIGH
Improper Privilege Management (CWE-269)
2026-01-16 secure@microsoft.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 16, 2026 - 22:16 nvd
HIGH 7.1

DescriptionCVE.org

Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

AnalysisAI

Chromium-based Microsoft Edge contains a privilege management flaw that enables local authenticated users to circumvent security controls through improper access restrictions. An authorized attacker can exploit this vulnerability to gain unauthorized capabilities on the affected system, though the specific security feature being bypassed is not detailed. No patch is currently available for this high-severity issue.

Technical ContextAI

Classified as CWE-269 (Improper Privilege Management). Affects Edge Chromium. Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-5419 HIGH POC
8.8 Jun 03

Chrome's V8 JavaScript engine contains an out-of-bounds read and write vulnerability (CVE-2025-5419, CVSS 8.8) enabling

CVE-2022-4135 CRITICAL POC
9.6 Nov 25

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the r

CVE-2025-49713 HIGH POC
8.8 Jul 02

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized

CVE-2023-5217 HIGH POC
8.8 Sep 28

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remo

CVE-2023-4863 HIGH POC
8.8 Sep 12

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to

CVE-2021-21157 HIGH POC
8.8 Feb 22

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially

CVE-2021-21128 HIGH POC
8.8 Feb 09

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit he

CVE-2021-21127 HIGH POC
8.8 Feb 09

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass

CVE-2020-16009 HIGH POC
8.8 Nov 03

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially expl

CVE-2023-24892 HIGH POC
8.2 Mar 14

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is r

CVE-2023-36887 HIGH POC
7.8 Jul 14

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability

CVE-2025-49741 HIGH POC
7.4 Jul 01

A security vulnerability in No cwe for this (CVSS 7.4) that allows an unauthorized attacker. Risk factors: public PoC av

Share

CVE-2026-21223 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy