Multiple Vulnerabilities Discovered in Microsoft Edge Allow Remote Code Execution
Severity: High (Score: 64.5)
Sources: Zerodayinitiative, www.zerodayinitiative.com, msrc.microsoft.com, www.cve.org
Keywords: vulnerability, allows, remote, attackers, affected, installations, microsoft
Severity indicators: vulnerability, ot
Summary
On June 5, 2026, three vulnerabilities were disclosed affecting Microsoft Edge, allowing remote attackers to execute arbitrary code or access restricted functionality. The vulnerabilities require user interaction, such as visiting a malicious page or opening a malicious file. ZDI-26-331 allows arbitrary code execution via improper handling of feedback log files. ZDI-26-329 enables access to restricted features due to insufficient validation in the cross-device managed sign-in mechanism. ZDI-26-330 permits arbitrary cross-origin script execution due to lack of validation of user-supplied data. All three vulnerabilities can be exploited in conjunction with other flaws, increasing their risk. Users are advised to remain vigilant and apply any patches released by Microsoft. No specific patches have been mentioned in the articles as of the publication date.

Key Points:
- Three critical vulnerabilities in Microsoft Edge disclosed on June 5, 2026.
- User interaction is required for exploitation, increasing the risk of attack.
- Vulnerabilities can be combined with others for greater impact.
Detailed Analysis
**Impact** All users of Microsoft Edge are affected by these vulnerabilities, which enable remote code execution, cross-origin script injection, and unauthorized access to restricted functionality. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The vulnerabilities could lead to unauthorized code execution within the context of the current user, potentially compromising sensitive data and business operations across all sectors and geographies where Edge is deployed.

**Technical Details** The attack vector involves user interaction through malicious web pages or files. The vulnerabilities stem from improper validation of user-supplied paths, origins of web content, and user data, affecting feedback log file handling, cross-device managed sign-in, and script execution mechanisms. These flaws allow remote attackers to execute arbitrary code or scripts and access restricted functionality. The vulnerabilities are identified as ZDI-26-331, ZDI-26-329, and ZDI-26-330. No specific CVEs, malware, or IOCs are provided.

**Recommended Response** Apply any available security patches from Microsoft for Edge immediately. Monitor for suspicious user activity involving unexpected file operations, cross-origin script execution, and unauthorized sign-in attempts. Harden configurations related to web content origin validation and feedback log handling. In the absence of detailed IOCs, prioritize user awareness to avoid interacting with untrusted content.
Source articles (5)
- ZDI-26-331 — Zerodayinitiative · 2026-06-05
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must vis…
- ZDI-26-329 — www.zerodayinitiative.com · 2026-06-05
  This vulnerability allows remote attackers to access restricted functionality on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target…
- ZDI-26-330 — www.zerodayinitiative.com · 2026-06-05
  This vulnerability allows remote attackers to execute arbitrary cross-origin script on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the…
- CVE-2026-45495 — www.cve.org · 2026-06-05
- CVE-2026-45495 — msrc.microsoft.com · 2026-06-05
Timeline
- 2026-06-05 — ZDI-26-331 disclosed: A vulnerability in Microsoft Edge allows remote code execution through improper handling of feedback log files.
- 2026-06-05 — ZDI-26-329 disclosed: A vulnerability in Microsoft Edge allows access to restricted functionality due to insufficient validation in sign-in mechanisms.
- 2026-06-05 — ZDI-26-330 disclosed: A vulnerability in Microsoft Edge allows arbitrary cross-origin script execution due to lack of validation of user-supplied data.
Related entities
- XSS (Vulnerability)
- CWE-20 - Improper Input Validation (CWE)
- CWE-22 - Path Traversal (CWE)
- CWE-79 - Cross-site Scripting (XSS) (CWE)
- T1203 - Exploitation for Client Execution (MITRE ATT&CK)
- Microsoft Edge (Platform)