Microsoft Patches Critical Microsoft Edge Vulnerabilities Enabling Remote Code Execution
Microsoft has released a security update addressing three critical vulnerabilities in Microsoft Edge that could allow attackers to execute arbitrary code on vulnerable systems.
The most severe flaw, CVE-2026-45495 (CVSS 7.5), enables remote code execution if a user opens a malicious file or visits a crafted webpage. Exploitation could grant attackers control over a system in the context of the logged-in user. Two additional vulnerabilities were also patched:
- CVE-2026-45494 (CVSS 5.0): A navigation-handling weakness that permits cross-origin script injection, requiring user interaction.
- CVE-2026-45492 (CVSS 4.3): An insufficient origin validation issue in cross-device managed sign-in, which could expose restricted functionality and be chained with other exploits.
These vulnerabilities affect Microsoft Edge installations and highlight the risks of browser-based attacks, which are frequently weaponized once details become public. The update mitigates potential exploitation by remote attackers.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7468540509670555648
Microsoft TPRM report: https://www.rankiteo.com/company/microsoft-security-response-center
"id": "mic1780640667",
"linkid": "microsoft-security-response-center",
"type": "Vulnerability",
"date": "6/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': 'Technology',
'name': 'Microsoft',
'type': 'Corporation'}],
'attack_vector': ['Malicious file', 'Crafted webpage'],
'description': 'Microsoft has released a security update addressing three '
'critical vulnerabilities in Microsoft Edge that could allow '
'attackers to execute arbitrary code on vulnerable systems. '
'The most severe flaw, CVE-2026-45495 (CVSS 7.5), enables '
'remote code execution if a user opens a malicious file or '
'visits a crafted webpage. Exploitation could grant attackers '
'control over a system in the context of the logged-in user. '
'Two additional vulnerabilities were also patched: '
'CVE-2026-45494 (CVSS 5.0), a navigation-handling weakness '
'that permits cross-origin script injection, requiring user '
'interaction, and CVE-2026-45492 (CVSS 4.3), an insufficient '
'origin validation issue in cross-device managed sign-in, '
'which could expose restricted functionality and be chained '
'with other exploits.',
'impact': {'systems_affected': 'Microsoft Edge installations'},
'recommendations': 'Apply the latest Microsoft Edge security update to '
'mitigate potential exploitation.',
'references': [{'source': 'Microsoft Security Update'}],
'response': {'containment_measures': 'Security update released',
'remediation_measures': 'Patching vulnerabilities'},
'title': 'Microsoft Patches Critical Microsoft Edge Vulnerabilities Enabling '
'Remote Code Execution',
'type': 'Vulnerability',
'vulnerability_exploited': ['CVE-2026-45495',
'CVE-2026-45494',
'CVE-2026-45492']}