Multiple vulnerabilities in Microsoft Edge (June 29, 2026)
Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause remote arbitrary code execution and an unspecified security issue by the vendor.
CSIRTS triage
- What
- Multiple vulnerabilities in Microsoft Edge can lead to remote code execution and other unspecified issues.
- Who is affected
- Users of Microsoft Edge, specifics not detailed in the advisory.
- Urgency
- Remediation is urgent due to the potential for remote code execution and other security issues.
- Action
- Update Microsoft Edge to the latest version to mitigate these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Microsoft Edge
Get an email when a new Microsoft Edge advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0811/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-505210.82% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 53% of all scored CVEs.
- Low exploitation riskCVE-2026-130340.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
- Low exploitation riskCVE-2026-124420.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-130270.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 9% of all scored CVEs.
- Low exploitation riskCVE-2026-130240.15% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
- Low exploitation riskCVE-2026-130250.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-130230.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-124690.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-120280.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
- Low exploitation riskCVE-2026-130220.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
Referenced CVEs
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- high[UPDATE] [high] Microsoft Edge (Chromium-based): Vulnerability allows code executioncert-bund
- highCVE-2026-50521: Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute cod…nvd
- unknownMicrosoft Edge Remote Code Execution Vulnerabilityhkcert
- unknownGoogle Chrome Multiple Vulnerabilitieshkcert
- unknownDSA-6364-1 chromium - security updatedebian
- unknownMultiple vulnerabilities in Google Chrome (June 25, 2026)cert-fr-avis
- unknownCVE-2026-13034: Chromium: CVE-2026-13034 Inappropriate implementation in Passwordsmsrc
- unknownCVE-2026-12028: Chromium: CVE-2026-12028 Use after free GPUmsrc
- unknownCVE-2026-13035: Chromium: CVE-2026-13035 Use after free in Bluetoothmsrc
- highCVE-2026-50521: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerabilitymsrc
- unknownCVE-2026-13029: Chromium: CVE-2026-13029 Use after free in Web Authenticationmsrc
- unknownCVE-2026-13031: Chromium: CVE-2026-13031 Use after free in Blinkmsrc
Recent advisories for Microsoft Edge
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownMicrosoft Edge security advisory (AV26-682)cccs · 2026-07-10
- high[NEW] [high] Microsoft Edge: Multiple vulnerabilitiescert-bund · 2026-07-09
- unknownVulnerability in Microsoft Edge (July 09, 2026)cert-fr-avis · 2026-07-09
- highCVE-2026-58525: Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to …nvd · 2026-07-08
- unknownMultiple vulnerabilities in Microsoft Edge (July 7, 2026)cert-fr-avis · 2026-07-07
- unknownMicrosoft Edge security advisory (AV26-659)cccs · 2026-07-06
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10