6.2
CVE-2026-58300
- EPSS 0.34%
- Veröffentlicht 03.07.2026 20:35:34
- Zuletzt bearbeitet 07.07.2026 22:48:09
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft Edge for Android Information Disclosure Vulnerability
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Edge Chromium Version < 150.0.4078.48
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.257 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| secure@microsoft.com | 6.2 | 2.5 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-36 Absolute Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58300