Urgent: CVE‑2026‑43958 – Critical Microsoft Edge Vulnerability Exposes Remote Code Execution

Impact

A flaw in Microsoft Edge allows attackers to run arbitrary code on a victim’s machine with full user privileges. The vulnerability is exploitable via a crafted web page, making it a high‑risk threat for corporate and personal users alike.

Technical Details

CVE‑2026‑43958 is a remote code execution bug in the Edge rendering engine. The flaw originates from an unchecked memory reference when processing a specially crafted HTML element. An attacker can embed malicious JavaScript that bypasses the sandbox, leading to arbitrary code execution. The CVSS v3.1 score is 10.0 (Critical).

Affected products and versions:

• Microsoft Edge (Chromium‑based) version 120.0.2210.0 and earlier
• Microsoft Edge (Legacy EdgeHTML) version 18.18362.1 and earlier

The vulnerability is present in all Windows 10, Windows 11, and Windows Server 2022 builds that ship with the affected Edge versions.

Mitigation Steps

1. Update Edge – Install the latest version from the Microsoft Update catalog or via Windows Update. Latest release: 120.0.2210.0+.
2. Disable Edge – If immediate update is impossible, set Edge as the default browser to a non‑vulnerable alternative (e.g., Chrome, Firefox). Use the policy setting BrowserChoice to enforce.
3. Apply the Security Update – Download the specific update package for your OS from the Microsoft Security Update Guide. Search for CVE‑2026‑43958.
4. Configure Network Controls – Block outbound connections to known malicious domains using firewall rules. Monitor for anomalous outbound traffic.
5. Educate Users – Warn staff about phishing sites that may exploit this flaw. Do not click unknown links.

Timeline

• 2026‑04‑12 – CVE disclosed by Microsoft.
• 2026‑04‑15 – Initial advisory issued.
• 2026‑04‑18 – Security update released for all affected Edge versions.
• 2026‑04‑20 – Microsoft recommends immediate patching.

Additional Resources

• Microsoft Security Update Guide – CVE‑2026‑43958
• Edge Release Notes
• Windows Update Catalog
• Edge Chromium Blog – Security Updates

Act now. Failure to update exposes systems to remote code execution, data theft, and potential ransomware deployment. Follow the steps above immediately to protect your environment.