CVE-2026-58524
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
An XSS vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network due to improper input neutralization during web page generation.
Risk Assessment
An attacker can exploit this flaw to display fake content in a trusted domain, potentially leading to credential theft or malware distribution.
Recommendation
Immediately update Microsoft Edge to the latest version available from the vendor and enforce a script-blocking policy for untrusted sources.
Original NVD description (English source)
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

