🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-57987 is a server-side request forgery (SSRF) vulnerability in Microsoft Edge (Chromium-based) that allows an unauthenticated attacker to perform spoofing attacks over a network. SSRF flaws can be exploited to make the victim’s browser or an associated server-side component issue requests to internal or unintended external resources on the attacker’s behalf. This is particularly concerning in enterprise environments where Edge is used to access cloud management portals or internal services.

Security Architect’s Take: Prioritise patching Microsoft Edge across all managed endpoints, particularly on machines used to access Azure portals, cloud consoles, or internal APIs, as SSRF can be leveraged to probe internal network resources or bypass perimeter controls. Additionally, review network egress rules and internal service authentication to limit the blast radius of any successful SSRF exploitation.

Original advisory: CVE-2026-57987 Microsoft Edge (Chromium-based) Spoofing Vulnerability