6.8

CVE-2026-58522

Microsoft Edge for Android Information Disclosure Vulnerability

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftEdge Chromium Version < 150.0.4078.48
   GoogleAndroid Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.32% 0.242
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
secure@microsoft.com 6.8 2.5 4.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58522
Vendor Advisory