Description
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published: 2026-05-18
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Microsoft Edge (Chromium-based) contains a vulnerability that allows an attacker to execute arbitrary code within the browser process. The flaw is classified under CWE‑119, CWE‑20 and CWE‑94 and can result in a full compromise of the user’s machine. The impact on confidentiality, integrity and availability can be substantial, permitting the attacker to read, modify or delete data and potentially spread laterally within a network.

Affected Systems

The affected product is Microsoft Edge (Chromium‑based). No specific releases were identified in the advisory, so until Microsoft publishes a patch all current versions of the browser should be considered at risk.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is a malicious or compromised web page that the user opens in Edge, requiring user interaction with the browser but no additional privileges. The exploit can be executed from a remote host without needing elevated rights on the target system.

Generated by OpenCVE AI on May 18, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Microsoft Edge to the latest available security update as released by Microsoft.
  • Deploy a web‑filtering solution that blocks known malicious URLs or domains until the official patch is applied.
  • Continuously monitor Microsoft’s security updates and advisories to apply subsequent fixes or workarounds as soon as they become available.

Generated by OpenCVE AI on May 18, 2026 at 19:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 18 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-20
CWE-94

Mon, 18 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Title Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
First Time appeared Microsoft
Microsoft edge Chromium
CPEs cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft edge Chromium
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Edge Chromium
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-18T18:10:09.776Z

Reserved: 2026-05-12T16:07:22.618Z

Link: CVE-2026-45495

cve-icon Vulnrichment

Updated: 2026-05-18T17:43:08.902Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-18T18:17:38.600

Modified: 2026-05-18T19:32:38.777

Link: CVE-2026-45495

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T20:00:13Z

Weaknesses