6.8
CVE-2026-58522
- EPSS 0.32%
- Veröffentlicht 03.07.2026 20:35:17
- Zuletzt bearbeitet 07.07.2026 22:52:45
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft Edge for Android Information Disclosure Vulnerability
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Edge Chromium Version < 150.0.4078.48
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.242 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| secure@microsoft.com | 6.8 | 2.5 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
CWE-23 Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58522