Description
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
Published: 2026-05-18
Score: 5.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability permits an attacker to bypass a security feature in Microsoft Edge (Chromium-based) over a network due to improper input validation. The bypass could allow the execution of code or the loading of malicious content without triggering normal safeguards. The weakness is classified as CWE‑20, reflecting an input validation flaw that undermines browser defenses.

Affected Systems

Affected systems include Microsoft Edge (Chromium-based) on all platforms where it is installed. No specific version range is cited; therefore, system administrators should assess all current installations for vulnerability.

Risk and Exploitability

The CVSS score is 5.4, indicating a medium likelihood of significant impact if exploited. EPSS data is not available and the vulnerability is not listed in CISA's KEV catalog, suggesting no current widespread exploitation. The attack vector is not explicitly documented; the likely vector is remote over a network via a malicious web page or other compromised content, inferred from the fact that the flaw involves a browser security feature bypass. Administrators should evaluate whether their environments are exposed to such content.

Generated by OpenCVE AI on May 18, 2026 at 19:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Edge patch or upgrade to the newest release as listed in the Microsoft update guide for CVE-2026-45492.
  • Ensure that built‑in security policies (e.g., Safe Browsing, sandboxing, and site isolation) are enabled and not overridden by custom configurations.
  • Monitor network traffic for unusual requests or data exfiltration that may indicate exploitation of a security feature bypass.

Generated by OpenCVE AI on May 18, 2026 at 19:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 18 May 2026 18:15:00 +0000

Type Values Removed Values Added
Description Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Mon, 18 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Title Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
First Time appeared Microsoft
Microsoft edge Chromium
Weaknesses CWE-20
CPEs cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft edge Chromium
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Edge Chromium
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-18T18:10:08.620Z

Reserved: 2026-05-12T16:07:22.618Z

Link: CVE-2026-45492

cve-icon Vulnrichment

Updated: 2026-05-18T17:57:26.966Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-18T18:17:37.897

Modified: 2026-05-18T19:32:38.777

Link: CVE-2026-45492

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T19:30:26Z

Weaknesses