CVE-2026-58291
Received Received - Intake

Use-After-Free in Microsoft Edge Chromium

Vulnerability report for CVE-2026-58291, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-03

Last updated on: 2026-07-03

Assigner: Microsoft Corporation

Description

Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-03
Last Modified
2026-07-03
Generated
2026-07-04
AI Q&A
2026-07-04
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft edge *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-672 The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Microsoft Edge (Chromium-based) involves performing an operation on a resource after it has expired or been released. This flaw allows an unauthorized attacker to disclose information over a network.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive information over a network, potentially exposing private or confidential data to attackers.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-58291. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart