Description
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
Published: 2026-05-18
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability permits an attacker to bypass a security feature over a network due to improper input validation. The weakness is classified as CWE‑20, reflecting an input validation flaw that undermines browser defenses.

Affected Systems

Affected systems include Microsoft Edge (Chromium-based) on all platforms where it is installed. No specific version range is cited; therefore, system administrators should assess all current installations for vulnerability.

Risk and Exploitability

The CVSS score is 5.4, indicating medium severity. EPSS score is <1%, and the vulnerability is not listed in CISA's KEV catalog, suggesting no current widespread exploitation. The attack vector is not explicitly documented; based on the description, it is inferred that the likely vector is remote over a network via a malicious web page or other compromised content. Administrators should evaluate whether their environments are exposed to such content.

Generated by OpenCVE AI on May 19, 2026 at 17:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Edge patch or upgrade to the newest release as listed in the Microsoft update guide for CVE-2026-45492.
  • Ensure that built‑in security policies (e.g., Safe Browsing, sandboxing, and site isolation) are enabled and not overridden by custom configurations.
  • Monitor network traffic for unusual requests or data exfiltration that may indicate exploitation of a security feature bypass.

Generated by OpenCVE AI on May 19, 2026 at 17:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*

Mon, 18 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 18 May 2026 18:15:00 +0000

Type Values Removed Values Added
Description Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Mon, 18 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Title Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
First Time appeared Microsoft
Microsoft edge Chromium
Weaknesses CWE-20
CPEs cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft edge Chromium
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Edge Chromium
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T19:33:46.618Z

Reserved: 2026-05-12T16:07:22.618Z

Link: CVE-2026-45492

cve-icon Vulnrichment

Updated: 2026-05-18T17:57:26.966Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-18T18:17:37.897

Modified: 2026-05-19T15:03:24.000

Link: CVE-2026-45492

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T17:15:10Z

Weaknesses