Race Condition in Microsoft Edge for Android Exposes Devices to Code Execution Risks
CVE-2026-58299

7.5HIGH

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
3 July 2026

What is CVE-2026-58299?

A race condition vulnerability exists in Microsoft Edge for Android, which may allow an unauthorized attacker to exploit the time-of-check and time-of-use gap. This flaw can enable remote code execution over a network, potentially compromising user devices and sensitive data. It is critical for users to update their Microsoft Edge application to the latest version to mitigate the risks associated with this vulnerability. For more detailed guidance, refer to the official advisory from Microsoft.

Affected Version(s)

Microsoft Edge (Chromium-based) 1.0.0.0 < 150.0.4078.48

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.