CVE-2026-32187 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2026-03-27

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability allows an attacker to bypass one or more defense layers embedded within Microsoft Edge (Chromium-based). This may compromise the browser's ability to prevent hostile input or malicious content from being processed as intended, possibly exposing the user to unintended code execution or policy violations. The weakness is classified as CWE-1021, which involves array or list boundary attacks or similar manipulation of defensive checks.

Affected Systems

Microsoft Edge (Chromium-based) is affected. The vulnerability is reported for all supported versions of the browser as it does not list specific versions, implying that any current installation may be susceptible.

Risk and Exploitability

The CVSS score of 4.2 indicates moderate overall impact, while the EPSS score of less than 1% suggests a low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalogue, further indicating that public exploitation is either absent or not widespread. The likely attack vector is inferred to be remote, via a malicious web page or content that triggers the defense bypass, although the exact method is not detailed in the available data.

No data.

Vendor Product Confidence Versions

Microsoft

Edge Chromium

95%

Version	Status	Scheme	Platform
`[1.0.0.0,146.0.3856.84)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Microsoft Edge update provided by Microsoft
Verify that Edge is updated to a version that includes the CVE-2026-32187 fix
Enable default security settings and avoid installing untrusted extensions

Generated by OpenCVE AI on April 1, 2026 at 05:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

No reference.

History

Wed, 15 Apr 2026 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-1021
CPEs	cpe:2.3:a:microsoft:edge::::::::
Vendors & Products	Microsoft edge
References	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187
Metrics	cvssV3_1 `{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N'}`

Wed, 15 Apr 2026 21:15:00 +0000

Type	Values Removed	Values Added
Title	Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 15 Apr 2026 21:00:00 +0000

Type	Values Removed	Values Added
Description	Microsoft Edge (Chromium-based) Defense in Depth Vulnerability	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CPEs	cpe:2.3:a:microsoft:edge_chromium::::::::
Metrics	cvssV3_1 `{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C'}`	cvssV3_1 `{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N'}`

Wed, 01 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-250 CWE-284

Tue, 31 Mar 2026 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft edge
CPEs		cpe:2.3:a:microsoft:edge::::::::
Vendors & Products		Microsoft edge

Tue, 31 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1021
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 29 Mar 2026 20:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-250 CWE-284

Sat, 28 Mar 2026 03:15:00 +0000

Type	Values Removed	Values Added
Description		Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
Title		Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
First Time appeared		Microsoft Microsoft edge Chromium
CPEs		cpe:2.3:a:microsoft:edge_chromium::::::::
Vendors & Products		Microsoft Microsoft edge Chromium
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187
Metrics		cvssV3_1 `{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C'}`

Subscriptions

Microsoft Edge Chromium

MITRE

Status: REJECTED

Assigner: microsoft

Published: 2026-03-27T20:42:05.339Z

Updated: 2026-04-15T20:45:55.522Z

Reserved: 2026-03-11T00:26:53.426Z

Link: CVE-2026-32187

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2026-03-27T21:17:22.950

Modified: 2026-04-15T21:17:04.647

Link: CVE-2026-32187

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:55:22Z

Weaknesses

No weakness.

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object