CVE-2026-32208

Published Jun 19, 2026

Last updated a day ago

CVSS high 8.8

Overview

Description
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.
Source
secure@microsoft.com
NVD status
Analyzed
CNA Tags
exclusively-hosted-service
Products
edge_chromium

Risk scores

CVSS 3.1

Type
Primary
Base score
5.4
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-79

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityCVE-2026-45495
  2. Microsoft Edge (Chromium-based) Spoofing VulnerabilityCVE-2026-45494
  3. Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.CVE-2026-45492
  4. User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.CVE-2026-42891
  5. Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.CVE-2026-42838

References

Sources include official advisories and independent security research.