CVE-2026-58596
A NVD · · CVE-2026-58596
Admiralty grading (A–F · 1–6)
Source reliability
- A Completely reliable
- B Usually reliable
- C Fairly reliable
- D Not usually reliable
- E Unreliable
- F Cannot be judged
Information credibility
- 1 Confirmed
- 2 Probably true
- 3 Possibly true
- 4 Doubtful
- 5 Improbable
- 6 Cannot be judged
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Key metrics
- CVSS
- 8.3
- EPSS
- 0%
Key insight
Network-based privilege escalation in Microsoft Edge allows attackers to gain system privileges remotely without user interaction.
Description
CVE-2026-58596 describes an unsafe pointer dereference vulnerability in Microsoft Edge (Chromium-based). The vulnerability allows an unauthenticated attacker to escalate privileges over the network. The flaw is critical as it may enable remote code execution with elevated rights. The exploitation status , whether it is already being actively exploited or only known as a PoC , is not evident from the provided information.
Risk score
- cvss base
- 83.00
- kev bonus
- 0.00
- epss bonus
- 0.00
- poc bonus
- 0.00
- raw before weight
- 83.00
- industry weight
- 1.21
- freshness factor
- 1.00
- exploitability factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
Path: operational
MITRE ATT&CK mapping
2 TTPsProcedure details
| Technique | Tactic | Procedure | Conf. | Source |
|---|---|---|---|---|
| T1203 Exploitation for Client Execution | Execution | CVE-2026-58596 exploits an untrusted pointer dereference vulnerability in Microsoft Edge (Chromium-based) to achieve code execution as part of privilege escalation over a network. | high | llm |
| T1068 Exploitation for Privilege Escalation | Privilege Escalation | The untrusted pointer dereference vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network, as described in CVE-2026-58596. | high | llm |