CVE-2026-45495
Microsoft Edge Chromium-Based Remote Code Execution
Publication date: 2026-05-18
Last updated on: 2026-05-19
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | edge_chromium | to 148.0.3967.70 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is a Remote Code Execution issue in Microsoft Edge (Chromium-based) with a high severity score.
To mitigate this vulnerability, it is recommended to apply the security updates provided by Microsoft as soon as possible.
Ensure that Microsoft Edge is updated to the latest version that includes the fix for CVE-2026-45495.
Can you explain this vulnerability to me?
This vulnerability is a Remote Code Execution (RCE) issue in the Chromium-based Microsoft Edge browser. It allows an attacker to execute arbitrary code remotely, potentially taking control of the affected system.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to an attacker gaining full control over your system, including the ability to read, modify, or delete data, install programs, or create new accounts with full user rights.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows remote code execution with high impact on confidentiality, integrity, and availability, which could lead to unauthorized access or data breaches.
Such security breaches may result in non-compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data and maintaining system integrity.