Description
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Published: 2026-07-03
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from a type‑confusion flaw that lets an attacker access a resource using an incompatible data type. The flaw enables an unauthorized user to execute arbitrary code on the affected system across a network, thereby granting full compromise of the victim machine.

Affected Systems

The affected product is Microsoft Edge (Chromium‑based). No specific version range was supplied in the advisory, so all builds of the Chromium‑based Edge that have not yet been patched may be impacted.

Risk and Exploitability

The CVSS score of 7.5 marks this as a high severity vulnerability. The EPSS score is not available, and the CVE is not listed in the CISA KEV catalog, so the precise likelihood of exploitation remains uncertain. The description implies a remote attack path via the network, suggesting that a threat actor can deliver malicious content to a user’s browser to trigger the type‑confusion and gain code execution.

Generated by OpenCVE AI on July 4, 2026 at 16:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s security update for Microsoft Edge as soon as it becomes available.
  • If a patch is not yet available, disable or block the use of Edge or restrict its execution until the update can be installed.
  • Employ endpoint detection and web‑filtering solutions to detect and block crafted content that may exploit type‑confusion vulnerabilities.

Generated by OpenCVE AI on July 4, 2026 at 16:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Jul 2026 20:45:00 +0000

Type Values Removed Values Added
Description Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Title Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
First Time appeared Microsoft
Microsoft edge Chromium
Weaknesses CWE-843
CPEs cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft edge Chromium
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


Subscriptions

Microsoft Edge Chromium
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-07-03T21:26:04.483Z

Reserved: 2026-06-26T17:45:44.853Z

Link: CVE-2026-57975

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-04T16:30:16Z

Weaknesses
  • CWE-843

    Access of Resource Using Incompatible Type ('Type Confusion')