CVE Catalog

CVE-2026-58298

HighCVSS 7.2
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.

Risk Assessment

An attacker can exploit this flaw to display fake content in a trusted domain, potentially leading to credential theft or malware distribution.

Recommendation

Immediately update Microsoft Edge to the latest version available from the vendor and enforce a script-blocking policy for external content.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS