CVE-2026-58523: Microsoft Edge for Android Security Feature Bypass Vulnerability

Overview

Severity
Medium (CVSS 6.5)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Category
Edge - Chromium
Exploit Status
Not Exploited
Exploitation Likelihood
Unlikely
Patch Tuesday
2026-Jul
Released
2026-07-03
EPSS Score
0.47% (percentile: 37.8%)

Description

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability? An unauthenticated attacker is able to bypass the expected user access. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user must visit the attacker‑controlled webpage, and perform the two tap gestures that cause autofill to activate. What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 150.0.4078.48 07/03/2026 150.0.7871.47

Affected Products (1)

Browser

  • Microsoft Edge (Chromium-based)

Acknowledgments

Kugelblitz with Microsoft, Kugelblitz with Microsoft

Revision History

  • 2026-07-03: Information published.