CVE-2026-32187EXPLOITEDPATCHED

microsoft · microsoft edge (chromium-based)

Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

Description

A remote, anonymous attacker can exploit a vulnerability in Microsoft Edge to manipulate files and disclose confidential information.

Affected Products

Vendor	Product	Versions
microsoft	microsoft edge (chromium-based)	1.0.0.0, 146.0.3856.59

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187(vendor-advisory, patch)

Related News (4 articles)

Tier B

BSI Advisories6h ago

[NEU] [niedrig] Microsoft Edge: Schwachstelle ermöglicht Manipulation von Dateien und die Offenlegung von Informationen

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2026-32187 | Microsoft Edge up to 146.0.3856.59 Remote Code Execution

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2026-32187 | Microsoft Edge up to 146.0.3856.59 Remote Code Execution (EUVD-2026-16813)

→ No new info (linked only)

Tier A

Microsoft MSRC3d ago

CVE-2026-32187 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

→ No new info (linked only)

CVSS 3.14.2 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch availablehttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187

Published3/27/2026

Last enriched6h agov4

Trending Score61

Source articles4

Independent3

Info Completeness8/14

Missing: epss, cwe, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-21510EXPKEV

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Trending: 58

MEDIUMCVE-2026-20805EXPKEV

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Trending: 56

CRITICALCVE-2026-20963EXPKEV

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Trending: 23

HIGHCVE-2026-4449EXP

Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Trending: 18

HIGHCVE-2026-4446EXP

Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Trending: 18

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 27, 2026

Discovered by ZDM

Mar 27, 2026

Updated: affectedVersions

Mar 27, 2026

Actively Exploited

Mar 27, 2026

Exploit Available

Mar 27, 2026

Patch Available

Mar 27, 2026

Updated: affectedVersions, severity

Mar 28, 2026

Updated: description, exploitAvailable, activelyExploited

Mar 30, 2026

Version History

Last enriched 6h ago

v4Tier B6h ago

Updated description with new technical details and marked the vulnerability as actively exploited with an exploit available.

descriptionexploitAvailableactivelyExploited

via BSI Advisories

v3Tier C2d ago

Updated affected versions to 146.0.3856.59 and changed severity to HIGH.

affectedVersionsseverity

via VulDB

v2Tier C2d ago

Updated affected versions to 146.0.3856.59 and changed severity to HIGH, while noting the vulnerability is actively exploited.

affectedVersions

via VulDB

v12d ago

Initial creation