CVE Catalog

CVE-2026-57977

HighCVSS 7.1
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

33th percentile — higher than 33% of all known CVEs

Summary

An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.

Risk Assessment

An attacker could exploit this flaw to display fake content in a trusted domain, potentially leading to credential theft or malware distribution.

Recommendation

Immediately update Microsoft Edge to the latest available version that includes a fix for this vulnerability.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS