⚡ Active KEV CVE-2026-58289 2026-07-03

Microsoft Edge Type Confusion Flaw (CVE-2026-58289) Rated Critical at CVSS 9.0

"Microsoft has disclosed a critical type-confusion vulnerability in the Chromium-based Edge browser that could let a remote, unauthenticated attacker execute arbitrary code over the network."

What Is It

CVE-2026-58289 is a type-confusion vulnerability (CWE-843) in Microsoft Edge (Chromium-based). Type confusion occurs when code accesses a resource using an incompatible type, and in this case it allows an unauthorized attacker to execute code over a network. Microsoft assigned the flaw a CVSS 3.1 base score of 9.0 (CRITICAL), with the vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. Notably, the attack requires no privileges and no user interaction, and it carries a changed scope with high confidentiality, integrity, and availability impact, though attack complexity is rated high.

Why It Matters

Remote code execution in a widely deployed browser is among the most consequential vulnerability classes. Because the flaw requires no authentication and no user interaction, and because its scope is "changed" (meaning impact can extend beyond the vulnerable component), successful exploitation could give an attacker significant control over an affected system. The high attack complexity offers some mitigating friction, but the 9.0 severity rating reflects the serious potential impact. No CISA KEV entry accompanies this record, so active exploitation is not confirmed in the supplied source material.

What's Vulnerable

The affected product is Microsoft Edge (Chromium-based). According to the NVD record, versions from 1.0.0.0 up to (but not including) 150.0.4078.48 are affected.

Patch Status

The fix is delivered in Microsoft Edge (Chromium-based) version 150.0.4078.48 and later, as the affected range ends below that build. Users and administrators should update Edge to 150.0.4078.48 or newer. Refer to the Microsoft Security Response Center update guide for authoritative remediation details.

Sources