CVE-2026-42838
published 2026-05-12CVE-2026-42838: Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized…
medium5.4CVSS 3.1
AVNACLPRNUIRSUCLILAN
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | edge_chromium | < 148.0.3967.55 | 148.0.3967.55 |
| microsoft | microsoft_edge | >= 1.0.0.0 < 148.0.3967.55 | 148.0.3967.55 |