Multiple vulnerabilities in Microsoft Edge (July 7, 2026)
Multiple vulnerabilities have been discovered in Microsoft Edge. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation, and a breach of data confidentiality.
CSIRTS triage
- What
- Multiple vulnerabilities allow remote arbitrary code execution, privilege escalation, and data confidentiality breaches.
- Who is affected
- Users of Microsoft Edge are affected by these vulnerabilities.
- Urgency
- Remediation is urgent due to the potential for severe exploitation.
- Action
- Update Microsoft Edge to the latest version to address these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Microsoft Edge
Get an email when a new Microsoft Edge advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0840/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-138480.35% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 27% of all scored CVEs.
- Low exploitation riskCVE-2026-140980.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
- Low exploitation riskCVE-2026-579880.53% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 41% of all scored CVEs.
- Low exploitation riskCVE-2026-141040.38% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 30% of all scored CVEs.
- Low exploitation riskCVE-2026-139340.32% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 24% of all scored CVEs.
- Low exploitation riskCVE-2026-140800.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-138060.30% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 22% of all scored CVEs.
- Low exploitation riskCVE-2026-141000.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
- Low exploitation riskCVE-2026-139330.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
- Low exploitation riskCVE-2026-582910.59% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 44% of all scored CVEs.
Referenced CVEs
+12 more CVEs referenced in this advisory.
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- high[UPDATE] [high] Google Chrome: Multiple vulnerabilities allow unspecified attackcert-bund
- high[NEW] [high] Microsoft Edge: Multiple vulnerabilitiescert-bund
- unknownMicrosoft Edge Multiple Vulnerabilitieshkcert
- unknownDSA-6378-1 chromium - security updatedebian
- highCVE-2026-58295: Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-base…nvd
- mediumCVE-2026-58291: Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows …nvd
- highCVE-2026-58290: Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-base…nvd
- highCVE-2026-58276: Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute c…nvd
- highCVE-2026-57992: Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute c…nvd
- highCVE-2026-57991: Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-bas…nvd
- highCVE-2026-57988: Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to …nvd
- highCVE-2026-57986: Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute c…nvd
Recent advisories for Microsoft Edge
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownMicrosoft Edge security advisory (AV26-682)cccs · 2026-07-10
- high[NEW] [high] Microsoft Edge: Multiple vulnerabilitiescert-bund · 2026-07-09
- unknownVulnerability in Microsoft Edge (July 09, 2026)cert-fr-avis · 2026-07-09
- highCVE-2026-58525: Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to …nvd · 2026-07-08
- unknownMicrosoft Edge security advisory (AV26-659)cccs · 2026-07-06
- unknownMicrosoft Edge Multiple Vulnerabilitieshkcert · 2026-07-06
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10