🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-14401 is a vulnerability in ANGLE, the graphics abstraction layer used by Chromium-based browsers, caused by insufficient validation of untrusted input. Microsoft Edge inherits this flaw from its Chromium foundation and is affected until patched. Such input validation weaknesses in graphics processing components can potentially be exploited to execute arbitrary code or compromise the browser sandbox.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest Chromium-based release across all managed endpoints and virtual desktop environments; prioritise this in organisations where Edge is used to access Azure portals or cloud management consoles, as browser-level exploits can serve as an initial access vector into cloud environments.

Original advisory: Chromium: CVE-2026-14401 Insufficient validation of untrusted input in ANGLE