Skip to content
Auto-CTI
Back to today
NEW CRITICAL A2

CVE-2026-58596

A NVD · · CVE-2026-58596

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key metrics

CVSS
8.3
EPSS
0%

Key insight

Network-based privilege escalation in Microsoft Edge allows attackers to gain system privileges remotely without user interaction.

Description

CVE-2026-58596 describes an unsafe pointer dereference vulnerability in Microsoft Edge (Chromium-based). The vulnerability allows an unauthenticated attacker to escalate privileges over the network. The flaw is critical as it may enable remote code execution with elevated rights. The exploitation status , whether it is already being actively exploited or only known as a PoC , is not evident from the provided information.

Risk score

100
cvss base
83.00
kev bonus
0.00
epss bonus
0.00
poc bonus
0.00
raw before weight
83.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00

Path: operational

MITRE ATT&CK mapping

2 TTPs
Recon
Resource Dev
Initial Access
Persistence
Def. Evasion
Cred. Access
Discovery
Lateral Mov.
Collection
C2
Exfiltration
Impact
Conf.: high medium low

Procedure details

Technique Tactic Procedure Conf. Source
T1203
Exploitation for Client Execution
Execution CVE-2026-58596 exploits an untrusted pointer dereference vulnerability in Microsoft Edge (Chromium-based) to achieve code execution as part of privilege escalation over a network. high llm
T1068
Exploitation for Privilege Escalation
Privilege Escalation The untrusted pointer dereference vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network, as described in CVE-2026-58596. high llm
ESC