Skip to main content

Microsoft Edge CVE-2026-57974

| EUVDEUVD-2026-41575 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-07-03 microsoft GHSA-mcm4-vwcv-x3pp
8.8
CVSS 3.1 · Vendor: microsoft
Temporal: 7.7
Share

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CIRCL (temporal)
7.7 HIGH
cvss
vuln.today AI
8.8 HIGH

Network-delivered malicious page needing a victim to load it (AV:N/UI:R), no privileges (PR:N), low complexity, and memory-corruption RCE yields full C/I/A within the unchanged browser scope.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 03, 2026 - 21:23 vuln.today
CVE Published
Jul 03, 2026 - 20:35 nvd
HIGH 8.8

DescriptionCVE.org

Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

AnalysisAI

Remote code execution in Microsoft Edge (Chromium-based) allows an unauthenticated attacker to run arbitrary code by luring a victim to a malicious web page that triggers an integer overflow (CWE-190). The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R) indicates network-based exploitation requiring user interaction, with high confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Host malicious web page
Delivery
Lure victim to open link
Exploit
Trigger integer overflow in renderer
Execution
Corrupt heap memory
Impact
Execute arbitrary code in browser

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to actively open or render attacker-controlled web content in Microsoft Edge (Chromium-based) - the CVSS UI:R metric confirms user interaction is mandatory, so this cannot be triggered purely remotely without a user action. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals point to a genuinely high-priority browser flaw but not an emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a malicious web page (or delivers it via a link in phishing email, a compromised ad, or a watering-hole site) containing content crafted to trigger the integer overflow in Edge's rendering engine. When the victim opens the page, the overflow corrupts memory in the renderer and executes attacker-controlled code with the browser's privileges. …
Remediation Patch available per vendor advisory: update Microsoft Edge to the fixed build published by Microsoft, consulting the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57974 for the exact patched version number, which is not stated in the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running Microsoft Edge through asset inventory tools and alert all users to avoid clicking suspicious links or visiting untrusted websites. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-57983 CRITICAL
10.0 Jul 03

Security-feature bypass in Microsoft Edge (Chromium-based) versions prior to 150.0.4078.48 lets a remote, unauthenticate

CVE-2026-57981 HIGH
8.8 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory corruption flaw (CWE-416) th

CVE-2026-56645 HIGH
8.8 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) stems from a heap-based buffer overflow (CWE-122) that a networ

CVE-2026-57985 HIGH
8.8 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) before version 150.0.4078.48 allows an unauthenticated remote a

CVE-2026-50521 HIGH
8.3 Jul 01

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw th

CVE-2026-58281 HIGH
8.3 Jul 11

Remote code execution in Microsoft Edge (Chromium-based) lets an unauthenticated network attacker run arbitrary code by

CVE-2026-58289 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) before 150.0.4078.48 allows an unauthenticated attacker to run

CVE-2026-58596 HIGH
8.3 Jul 12

Privilege elevation in Microsoft Edge (Chromium-based) lets a network attacker escalate privileges by luring a victim in

CVE-2026-58288 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw th

CVE-2026-58285 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) via a type-confusion flaw (CWE-843) lets an unauthorized attack

CVE-2026-58287 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) allows an unauthorized attacker to run arbitrary code when a vi

CVE-2026-58284 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) allows an unauthorized attacker to break out of the browser's s

Share

CVE-2026-57974 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy