Elevation of Privilege Vulnerability in Microsoft Edge by Microsoft
CVE-2026-42838

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Edge (chromium-based)
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-42838?

An improper handling of special elements in output within Microsoft Edge (Chromium-based) can be exploited to execute unauthorized actions over the network. This flaw could enable an attacker to gain elevated privileges, potentially compromising user security and data integrity. It's crucial for users and organizations to address this vulnerability by applying the necessary patches provided by Microsoft.

Affected Version(s)

Microsoft Edge (Chromium-based) 1.0.0.0 < 148.0.3967.55

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 30, 2026

CVE-2026-42838 Data

JSON