Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
AnalysisAI
Microsoft Edge (Chromium-based) contains a defense-in-depth vulnerability affecting all versions that allows remote attackers to disclose sensitive information and modify data through a network-based attack requiring user interaction. The vulnerability carries a CVSS score of 4.2 (low severity) with high attack complexity, indicating limited real-world exploitability despite dual confidentiality and integrity impacts. A vendor-released patch is available from Microsoft.
Technical ContextAI
This vulnerability affects Microsoft Edge (Chromium-based), which uses the Chromium open-source project as its underlying rendering engine. The CPE cpe:2.3:a:microsoft:microsoft_edge_(chromium-based):*:*:*:*:*:*:*:* indicates all versions of the Chromium-based Edge variant are affected. Classified as a defense-in-depth issue, this vulnerability likely represents a secondary security boundary bypass or information disclosure mechanism that does not constitute a critical flaw on its own but weakens the overall security posture. No specific CWE is assigned, suggesting Microsoft may have withheld technical details pending full deployment of the fix.
RemediationAI
Vendor-released patch is available from Microsoft. Organizations should update Microsoft Edge to the latest stable version through automatic updates or the Microsoft Update service. For detailed patching guidance and version-specific information, refer to the Microsoft Security Response Center (MSRC) vulnerability advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187. No interim workarounds are documented; patching represents the primary mitigation.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16813
GHSA-ppf8-9fmv-q7vm