CVE-2026-57991
Received Received - Intake

Improper Link Resolution Leading to Information Disclosure in Microsoft Edge

Vulnerability report for CVE-2026-57991, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-03

Last updated on: 2026-07-03

Assigner: Microsoft Corporation

Description

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-03
Last Modified
2026-07-03
Generated
2026-07-04
AI Q&A
2026-07-04
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft edge *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves improper link resolution before file access in Microsoft Edge (Chromium-based). Specifically, it is a 'link following' issue that allows an unauthorized attacker to disclose information over a network.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of information over a network. This means an attacker could potentially access sensitive data without permission, impacting confidentiality.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57991. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart