Description
Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Published: 2026-07-03
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap-based buffer overflow in Microsoft Edge (Chromium-based) permits an adversary to execute arbitrary code on the target machine. The flaw originates from inadequate bounds checking during memory allocation (CWE-122) and can be triggered by adversaries who craft malicious network traffic to the Edge renderer. Successful exploitation would grant the attacker full control over the Edge process and potentially beyond, compromising user data and system integrity.

Affected Systems

Microsoft Edge (Chromium-based) on any affected build is vulnerable. The affected versions are not explicitly listed in the advisory, so all installations lacking the subsequent security update should be considered at risk.

Risk and Exploitability

The vulnerability receives a CVSS score of 8.8, indicating high severity. No EPSS score is available, and the vulnerability is not listed in CISA KEV; however, the absence of detection data does not reduce the risk of exploitation. The likely attack vector is network-based: an attacker can communicate with the Edge renderer over the network to trigger the buffer overflow. High severity coupled with the potential for arbitrary code execution makes this a critical vulnerability that should be remediated promptly.

Generated by OpenCVE AI on July 4, 2026 at 16:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Edge update that contains the fix for CVE-2026-56645
  • Restart all Edge processes (or reboot the system) after the update to ensure the new binaries are loaded
  • Consider temporarily restricting script execution or disabling the Edge renderer through policy until the update is applied



Advisories

No advisories yet.

History

Fri, 03 Jul 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Title | | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
First Time appeared | | Microsoft; Microsoft edge Chromium
Weaknesses | | CWE-122
CPEs | | cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft edge Chromium
References | |
Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-07-03T21:26:03.777Z

Reserved: 2026-06-22T15:17:38.795Z

Link: CVE-2026-56645

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-04T16:45:03Z

Weaknesses
  • CWE-122: Heap-based Buffer Overflow