🟡 Medium | Source: Microsoft Security Response Center
A relative path traversal vulnerability in Microsoft Edge for Android (CVE-2026-58522) allows a local, unauthorised attacker to access and disclose sensitive information stored on the device. The flaw does not require network access, meaning exploitation is limited to someone with physical or local access to the affected device. While the attack surface is constrained, any information disclosure risk on a mobile browser used to access corporate cloud resources warrants attention.
Security Architect’s Take: Ensure Microsoft Edge for Android is updated to the patched version across all managed mobile devices via your MDM solution (e.g. Intune). Review mobile application management policies to confirm that corporate data accessed through Edge on Android is subject to app protection policies that limit local data caching and storage.
Original advisory: CVE-2026-58522 Microsoft Edge for Android Information Disclosure Vulnerability