Skip to main content

Microsoft Edge CVE-2026-58596

| EUVDEUVD-2026-43239 HIGH
Untrusted Pointer Dereference (CWE-822)
2026-07-12 microsoft GHSA-5xq8-3g6j-ph3q
8.3
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
8.3 HIGH
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
8.3 HIGH

Network-delivered web content (AV:N) needing victim interaction (UI:R) and a hard-to-build memory exploit (AC:H); no auth (PR:N); sandbox escape yields scope change (S:C) with full C/I/A impact.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 12, 2026 - 15:46 vuln.today
CVE Published
Jul 12, 2026 - 15:22 cve.org
HIGH 8.3

DescriptionCVE.org

Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

AnalysisAI

Privilege elevation in Microsoft Edge (Chromium-based) lets a network attacker escalate privileges by luring a victim into loading crafted web content that triggers an untrusted pointer dereference (CWE-822). Microsoft rates it CVSS 8.3, driven by a scope change (sandbox/boundary crossing) and full confidentiality, integrity, and availability impact, but exploitation requires user interaction and is of high attack complexity. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure victim to malicious web page
Delivery
Deliver crafted content to Edge renderer
Exploit
Trigger untrusted pointer dereference
Execution
Cross sandbox/privilege boundary (scope change)
Impact
Execute code at elevated privilege

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to load attacker-controlled web content in Microsoft Edge (Chromium-based) and perform the interaction implied by UI:R (e.g., visiting or clicking through a malicious page) - it is not a silent drive-by against a passive target. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and should temper the raw 8.3 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a malicious web page (or malvertising / compromised site) crafted to feed an untrusted pointer to a vulnerable Edge code path, then entices a victim to visit it. When the page loads and the victim interacts as required, the dereference is triggered to cross the browser's privilege/sandbox boundary and run attacker-controlled logic at higher privilege. …
Remediation Patch available per vendor advisory: update Microsoft Edge to the fixed Stable-channel build referenced in the MSRC guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58596 (the exact fixed version is not specified in the provided data - do not assume a build number). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Alert IT operations and business stakeholders; activate patch deployment procedures for Microsoft Edge. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-57983 CRITICAL
10.0 Jul 03

Security-feature bypass in Microsoft Edge (Chromium-based) versions prior to 150.0.4078.48 lets a remote, unauthenticate

CVE-2026-57981 HIGH
8.8 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory corruption flaw (CWE-416) th

CVE-2026-57974 HIGH
8.8 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) allows an unauthenticated attacker to run arbitrary code by lur

CVE-2026-56645 HIGH
8.8 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) stems from a heap-based buffer overflow (CWE-122) that a networ

CVE-2026-57985 HIGH
8.8 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) before version 150.0.4078.48 allows an unauthenticated remote a

CVE-2026-50521 HIGH
8.3 Jul 01

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw th

CVE-2026-58281 HIGH
8.3 Jul 11

Remote code execution in Microsoft Edge (Chromium-based) lets an unauthenticated network attacker run arbitrary code by

CVE-2026-58289 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) before 150.0.4078.48 allows an unauthenticated attacker to run

CVE-2026-58288 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw th

CVE-2026-58285 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) via a type-confusion flaw (CWE-843) lets an unauthorized attack

CVE-2026-58287 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) allows an unauthorized attacker to run arbitrary code when a vi

CVE-2026-58284 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) allows an unauthorized attacker to break out of the browser's s

Share

CVE-2026-58596 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy