Cyber Resilience

CVE-2026-57992

High

Published: 03 July 2026

Modified: 03 July 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: N/A
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-57992 is a high-severity Use After Free (CWE-416) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, it is not currently listed in the CISA KEV catalog.

Vulnerability details

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CWE(s)

CVEs Like This One

CVE-2022-26710 (Shared CWE-416)
CVE-2023-21756 (Shared CWE-416)
CVE-2025-49677 (Shared CWE-416)
CVE-2021-21188 (Shared CWE-416)
CVE-2021-34840 (Shared CWE-416)
CVE-2022-1865 (Shared CWE-416)
CVE-2025-10729 (Shared CWE-416)
CVE-2026-13845 (Shared CWE-416)
CVE-2026-13775 (Shared CWE-416)
CVE-2022-20122 (Shared CWE-416)

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-416

Non-executable pages and ASLR block or significantly hinder use-after-free exploits that aim to achieve arbitrary code execution.

Hardening callouts (derived)

Configuration rules from DISA STIG baselines that reduce the attack surface for weaknesses of the type cited by this CVE. Derived transitively via CVE→CWE→STIG over `controls_xwalks` (authoritative rows only).

Oracle Linux 8 (1 rule)
  • V-248592: OL 8 must clear memory when it is freed to prevent use-after-free attacks. (via CWE-416)
RHEL 8 (1 rule)
  • V-230279: RHEL 8 must clear memory when it is freed to prevent use-after-free attacks. (via CWE-416)
RHEL 9 (1 rule)
  • V-257794: RHEL 9 must clear memory when it is freed to prevent use-after-free attacks. (via CWE-416)
