Skip to main content

Microsoft EUVDEUVD-2026-16813

| CVE-2026-32187 MEDIUM
Improper Restriction of Rendered UI Layers or Frames (CWE-1021)
2026-03-27 microsoft GHSA-ppf8-9fmv-q7vm
4.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.2 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 27, 2026 - 21:15 euvd
EUVD-2026-16813
Analysis Generated
Mar 27, 2026 - 21:15 vuln.today
Patch released
Mar 27, 2026 - 21:15 nvd
Patch available
CVE Published
Mar 27, 2026 - 20:42 nvd
MEDIUM 4.2

DescriptionCVE.org

Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

AnalysisAI

Microsoft Edge (Chromium-based) contains a defense-in-depth vulnerability affecting all versions that allows remote attackers to disclose sensitive information and modify data through a network-based attack requiring user interaction. The vulnerability carries a CVSS score of 4.2 (low severity) with high attack complexity, indicating limited real-world exploitability despite dual confidentiality and integrity impacts. A vendor-released patch is available from Microsoft.

Technical ContextAI

This vulnerability affects Microsoft Edge (Chromium-based), which uses the Chromium open-source project as its underlying rendering engine. The CPE cpe:2.3:a:microsoft:microsoft_edge_(chromium-based):*:*:*:*:*:*:*:* indicates all versions of the Chromium-based Edge variant are affected. Classified as a defense-in-depth issue, this vulnerability likely represents a secondary security boundary bypass or information disclosure mechanism that does not constitute a critical flaw on its own but weakens the overall security posture. No specific CWE is assigned, suggesting Microsoft may have withheld technical details pending full deployment of the fix.

RemediationAI

Vendor-released patch is available from Microsoft. Organizations should update Microsoft Edge to the latest stable version through automatic updates or the Microsoft Update service. For detailed patching guidance and version-specific information, refer to the Microsoft Security Response Center (MSRC) vulnerability advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187. No interim workarounds are documented; patching represents the primary mitigation.

Share

EUVD-2026-16813 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy