ZDI 2026-06-04

ZDI-26-329: (Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability

CVE-2026-45492

Machine-generated analysis · WAYSCloud LLM

The vulnerability requires user interaction, such as visiting a malicious page, to exploit a security bypass in Microsoft Edge.

Context

The affected product is Microsoft Edge, specifically due to an origin validation error. This is a security bypass vulnerability that could allow remote attackers to access restricted functionality. The advisory notes user interaction is required for exploitation. Worth noting is the assigned CVSS score of 4.3, indicating a medium severity impact.

Operator considerations

Check: Verify if Microsoft Edge is deployed in the environment.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to access restricted functionality on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2026-45492.

Read the full advisory on ZDI →