{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32187", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-11T00:26:53.426Z", "datePublished": "2026-03-27T20:42:05.339Z", "dateUpdated": "2026-03-31T14:03:24.183Z"}, "containers": {"cna": {"title": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability", "datePublic": "2026-03-27T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0.0", "versionEndExcluding": "146.0.3856.84"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge (Chromium-based)", "versions": [{"version": "1.0.0.0", "lessThan": "146.0.3856.84", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Defense in Depth", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-03-27T22:33:21.656Z"}, "references": [{"name": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1021", "lang": "en", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T14:02:31.812190Z", "id": "CVE-2026-32187", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:03:24.183Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T14:02:31.812190Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:03:18.712Z"}}], "cna": {"title": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge (Chromium-based)", "versions": [{"status": "affected", "version": "1.0.0.0", "lessThan": "146.0.3856.84", "versionType": "custom"}]}], "datePublic": "2026-03-27T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187", "name": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "Impact", "description": "Defense in Depth"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "146.0.3856.84", "versionStartIncluding": "1.0.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-03-27T22:33:21.656Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32187", "state": "PUBLISHED", "dateUpdated": "2026-03-31T14:03:24.183Z", "dateReserved": "2026-03-11T00:26:53.426Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-03-27T20:42:05.339Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "matchCriteriaId": "44234301-0E10-4E09-8928-9E154E0A629F", "versionEndExcluding": "146.0.3856.84", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability"}], "id": "CVE-2026-32187", "lastModified": "2026-03-31T19:03:03.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2026-03-27T21:17:22.950", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0.0.0,146.0.3856.84)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "edge_chromium", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-03-31T15:37:34.512731+00:00", "value": {"mitigation_remediation": ["Check for and install the latest Microsoft Edge update via Windows Update or the Edge update mechanism.", "Confirm that the update has been applied by verifying the browser version number after the install."], "summary": {"action": "Assess Impact", "impact": "Potential for Elevated Privileges"}, "threat_synthesis": {"affected_systems": "Microsoft Edge Chromium-based browsers are affected. No specific affected versions are listed in the available data, so all versions of this product are potentially vulnerable until an official patch is released.", "description_and_impact": "The vulnerability is described as a \"Defense in Depth Vulnerability\" in Microsoft Edge Chromium-based. It indicates a weakness that could allow an attacker to circumvent one or more layers of security controls, potentially leading to privilege escalation or execution of malicious code on the affected system. While the official description does not provide explicit details, the nature of the weakness suggests that exploitation could compromise system integrity and confidentiality if carried out successfully.", "risk_and_exploitability": "The CVSS score of 4.2 reflects a moderate impact, and the EPSS score of less than 1% indicates a low probability of exploitation in the wild. This vulnerability is not present in the CISA KEV catalog. Based on the description, it is inferred that the attack vector would involve user interaction or malicious content delivered through the browser, as is typical for defense\u2011in\u2011depth weaknesses in web browsers."}}}}, "created": "2026-03-29T20:30:00.894885+00:00", "updated": "2026-03-31T20:00:43.575335+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$edge_chromium"]}