Multiple Vulnerabilities in Microsoft Edge (June 22, 2026)
Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause an unspecified security issue by the vendor.
CSIRTS triage
- What
- Multiple vulnerabilities have been discovered in Microsoft Edge.
- Who is affected
- All deployments of Microsoft Edge are potentially affected.
- Urgency
- Remediation is necessary as vulnerabilities could be exploited in future attacks.
- Action
- Update to the latest version of Microsoft Edge.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Microsoft Edge
Get an email when a new Microsoft Edge advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0791/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-124540.15% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
- Low exploitation riskCVE-2026-124670.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Low exploitation riskCVE-2026-124390.32% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 24% of all scored CVEs.
- Low exploitation riskCVE-2026-124610.24% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 15% of all scored CVEs.
- Low exploitation riskCVE-2026-124550.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Low exploitation riskCVE-2026-124640.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Low exploitation riskCVE-2026-124470.42% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 34% of all scored CVEs.
- Low exploitation riskCVE-2026-124570.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 3% of all scored CVEs.
- Low exploitation riskCVE-2026-124460.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 9% of all scored CVEs.
- Low exploitation riskCVE-2026-124630.13% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 3% of all scored CVEs.
Referenced CVEs
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownCVE-2026-12440: Chromium: CVE-2026-12440 Use after free in DigitalCredentialsmsrc
- unknownCVE-2026-12445: Chromium: CVE-2026-12445 Use after free in Extensionsmsrc
- unknownCVE-2026-12446: Chromium: CVE-2026-12446 Insufficient data validation in Passwordsmsrc
- unknownCVE-2026-12451: Chromium: CVE-2026-12451 Use after free in DigitalCredentialsmsrc
- unknownCVE-2026-12441: Chromium: CVE-2026-12441 Use after free in File Inputmsrc
- unknownCVE-2026-12447: Chromium: CVE-2026-12447 Heap buffer overflow in WebRTCmsrc
- unknownCVE-2026-12443: Chromium: CVE-2026-12443 Use after free in Web Authenticationmsrc
- unknownCVE-2026-12452: Chromium: CVE-2026-12452 Use after free in Downloadsmsrc
- unknownCVE-2026-12453: Chromium: CVE-2026-12453 Insufficient validation of untrusted input in Inputmsrc
- unknownCVE-2026-12455: Chromium: CVE-2026-12455 Use after free in Tab Stripmsrc
- unknownCVE-2026-12456: Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensionsmsrc
- unknownCVE-2026-12439: Chromium: CVE-2026-12439 Use after free in Digital Credentialsmsrc
Recent advisories for Microsoft Edge
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownMicrosoft Edge security advisory (AV26-682)cccs · 2026-07-10
- high[NEW] [high] Microsoft Edge: Multiple vulnerabilitiescert-bund · 2026-07-09
- unknownVulnerability in Microsoft Edge (July 09, 2026)cert-fr-avis · 2026-07-09
- highCVE-2026-58525: Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to …nvd · 2026-07-08
- unknownMultiple vulnerabilities in Microsoft Edge (July 7, 2026)cert-fr-avis · 2026-07-07
- unknownMicrosoft Edge security advisory (AV26-659)cccs · 2026-07-06
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10