🟠 High  |  Source: Microsoft Security Response Center


A security feature bypass vulnerability (CVE-2026-58525) has been identified in Microsoft Edge (Chromium-based), where improper access controls allow a remote, unauthenticated attacker to circumvent browser security protections over a network. This could enable an attacker to perform actions that would ordinarily be blocked by Edge’s built-in defences. While browser-level, this poses a meaningful risk in enterprise environments where Edge is widely deployed, particularly for users accessing cloud management portals or sensitive internal tooling.

Security Architect’s Take: Prioritise deploying the patched version of Microsoft Edge across your estate via your endpoint management tooling (e.g. Intune or SCCM), and consider enforcing browser version compliance policies that block access to corporate cloud resources from unpatched clients until remediated.

Original advisory: CVE-2026-58525 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability