CVE Catalog

CVE-2026-57975

High · CVSS 7.5

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network. The flaw stems from accessing a resource using an incompatible data type.

Risk Assessment

An attacker can remotely execute arbitrary code in the browser context, leading to system compromise, data theft, or lateral movement within the organization's network.

Recommendation

Immediately update Microsoft Edge to the latest version provided by the vendor. Enforce policies to block unknown or malicious websites until the patch is applied.

Original NVD description (English source)

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS