CVE-2026-45495
Modified Modified - Updated After Analysis
Microsoft Edge Chromium-Based Remote Code Execution

Publication date: 2026-05-18

Last updated on: 2026-05-26

Assigner: Microsoft Corporation

Description
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-18
Last Modified
2026-05-26
Generated
2026-06-10
AI Q&A
2026-05-19
EPSS Evaluated
2026-06-08
NVD
CVE-2026-45495
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
microsoft edge_chromium to 148.0.3967.70 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-35 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vulnerability is a Remote Code Execution issue in Microsoft Edge (Chromium-based) with a high severity score.

To mitigate this vulnerability, it is recommended to apply the security updates provided by Microsoft as soon as possible.

Ensure that Microsoft Edge is updated to the latest version that includes the fix for CVE-2026-45495.

Executive Summary

This vulnerability is a Remote Code Execution (RCE) issue in the Chromium-based Microsoft Edge browser. It allows an attacker to execute arbitrary code remotely, potentially taking control of the affected system.

Impact Analysis

Exploitation of this vulnerability can lead to an attacker gaining full control over your system, including the ability to read, modify, or delete data, install programs, or create new accounts with full user rights.

Compliance Impact

This vulnerability allows remote code execution with high impact on confidentiality, integrity, and availability, which could lead to unauthorized access or data breaches.

Such security breaches may result in non-compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data and maintaining system integrity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45495. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart