Primary

Context

Microsoft Edge Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability in Microsoft Edge (Chromium-based) allows unauthorized attackers to disclose information over a network by exploiting external control of file names or paths. This issue could lead to the unauthorized reading of cookies and cached session data, potentially allowing attackers to hijack user accounts on different devices.

Impact

Exploitation of this vulnerability could result in unauthorized access to session cookies, enabling an attacker to impersonate a user by signing into their accounts on another device. Additionally, this vulnerability could allow for a browser sandbox escape.

Remediation

Users are advised to update to the latest version of Microsoft Edge. The security update for this vulnerability is included in Microsoft Edge version 148.0.3967.55.

Added: May 12, 2026, 7:19 PM

Updated: May 12, 2026, 7:19 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.2

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.2

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Edge Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Edge

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating