CVE-2026-57975
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code remotely over a network. The flaw stems from accessing a resource using an incompatible data type.
Risk Assessment
An attacker can remotely execute arbitrary code in the browser context, leading to system compromise, data theft, or lateral movement within the organization's network.
Recommendation
Immediately update Microsoft Edge to the latest version provided by the vendor. Enforce policies to block unknown or malicious websites until the patch is applied.
Original NVD description (English source)
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

