CVE-2026-42838
MEDIUM
NVD
CVSS Score
5.4
Severity
MEDIUM
Published
May 12, 2026
Vendor
unknown
Description
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.