Description
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.
Published: 2026-06-19
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of input during web page generation allows a cross‑site scripting vulnerability in Microsoft Edge (Chromium-based). An attacker with authorized access can inject content that the browser renders, enabling spoofing of web pages or services. The vulnerability represents a high‑severity security weakness that could mislead users and compromise the trust model of web content.

Affected Systems

Microsoft Edge (Chromium-based). No specific version range is specified in the data, so the issue may affect multiple releases of the Chromium‑based Edge browser.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an authorized attacker manipulating web page generation, which may require the ability to serve malicious content over a network. The exploitation conditions are moderate, but the potential impact on user trust and data integrity is significant.

Generated by OpenCVE AI on June 19, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Edge update available from Microsoft’s update guide for CVE‑2026‑32208.
  • Restrict corporate network traffic so that only trusted sources can provide content to Edge, thereby limiting the attacker’s ability to inject malicious pages.
  • Configure Edge policies to enforce stricter content security practices, such as disabling plugins or features that allow unverified page generation.

Generated by OpenCVE AI on June 19, 2026 at 22:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Description Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.
Title Microsoft Edge (Chromium-based) Spoofing Vulnerability
First Time appeared Microsoft
Microsoft edge Chromium
Weaknesses CWE-79
CPEs cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft edge Chromium
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Edge Chromium
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-19T20:27:45.083Z

Reserved: 2026-03-11T01:49:58.659Z

Link: CVE-2026-32208

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T23:15:05Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')