Changeflow GovPing Data Privacy & Cybersecurity Multiple Edge Vulnerabilities Prior to 146.0.38...
Routine Notice Added Final

Multiple Edge Vulnerabilities Prior to 146.0.3856.84

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published March 31st, 2026
Detected March 31st, 2026
Email

Summary

CERT-FR issued an advisory alerting that multiple unspecified vulnerabilities were discovered in Microsoft Edge affecting versions prior to 146.0.3856.84. The vulnerabilities could allow an attacker to cause an unspecified security issue. Two CVEs are referenced: CVE-2026-4676 and CVE-2026-4678. Users are advised to update to the patched version.

View original document View source feed page

What changed

CERT-FR published an advisory (CERTFR-2026-AVI-0380) on March 31, 2026, notifying of multiple vulnerabilities in Microsoft Edge versions before 146.0.3856.84. The vulnerabilities are traced to two Microsoft security bulletins: CVE-2026-4678 (published March 27, 2026) and CVE-2026-4676 (published March 31, 2026). The specific nature of the security impact is not disclosed by Microsoft, following typical responsible disclosure practices.

Organizations running Microsoft Edge should verify their current browser version and apply the vendor-provided patches. Patches are available through Microsoft's official security update guide at the referenced URLs. There is no mandated compliance deadline stated in this advisory—patching should be performed as part of standard security hygiene.

What to do next

  1. Identify all Microsoft Edge installations in your environment and verify current version numbers
  2. Update Microsoft Edge to version 146.0.3856.84 or later using the vendor patch
  3. Review CVE-2026-4676 and CVE-2026-4678 in Microsoft's security bulletin for additional remediation details if applicable

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 31 mars 2026 N° CERTFR-2026-AVI-0380 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans Microsoft Edge

Gestion du document

| Référence | CERTFR-2026-AVI-0380 |
| Titre | Multiples vulnérabilités dans Microsoft Edge |
| Date de la première version | 31 mars 2026 |
| Date de la dernière version | 31 mars 2026 |
| Source(s) | Bulletin de sécurité Microsoft Edge CVE-2026-4678 du 27 mars 2026
Bulletin de sécurité Microsoft Edge CVE-2026-4676 du 31 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risque

  • Non spécifié par l'éditeur

Systèmes affectés

  • Microsoft Edge versions antérieures à 146.0.3856.84

Résumé

De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 31 mars 2026 Version initiale

Named provisions

Avis du CERT-FR Systèmes affectés Résumé Solutions Documentation

Related changes

Favicon for www.cert.ssi.gouv.fr Symantec DLP Privilege Escalation Vulnerability
Priority review Mar 31, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Elastic OpenTelemetry Java Remote Code Execution Vulnerability
Urgent Mar 31, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Papercut Vulnerabilities Expose Data Confidentiality, Enable Remote XSS
Priority review Mar 31, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for changeflow.com WideField Security identity posture management patent granted
Routine Mar 31, 2026 ChangeBridge: Patent Grants - Networking (H04L) Telecom & Technology
Favicon for changeflow.com Neural Network Intrusion Detection System Patent Grant
Routine Mar 31, 2026 ChangeBridge: Patent Grants - Networking (H04L) Telecom & Technology
Favicon for changeflow.com Flexible Deterministic Finite Automata (DFA) Tokenizer for AI-Based Malicious Traffic Detection
Routine Mar 31, 2026 ChangeBridge: Patent Grants - Networking (H04L) Telecom & Technology

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
March 31st, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
CERTFR-2026-AVI-0380

Who this affects

Applies to
Employers Technology companies Government agencies
Industry sector
5112 Software & Technology 5411 Legal Services 9211 Government & Public Administration
Activity scope
Vulnerability Patching Software Updates Browser Security
Threshold
Microsoft Edge versions prior to 146.0.3856.84
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
Cybersecurity
Compliance frameworks
NIST CSF
Topics
Data Privacy Software & Technology

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 266 Consumer & Competition 1 Consumer Protection 44 Courts & Legal 360 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 107 Environment 85 Government & Legislation 327 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 114 Legal & Courts 1 Pharma & Drug Safety 103 Securities & Markets 104 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.