Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-dq6q-2z3d-vyh6
Vulnerability ID VCID-dq6q-2z3d-vyh6
Aliases CVE-2018-0859
GHSA-9pvj-pgg9-pvqq
Summary Out-of-bounds Write Microsoft Edge and ChakraCore in Microsoft Windows Gold, and Windows Server allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-787 Out-of-bounds Write
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.29342 https://api.first.org/data/v1/epss?cve=CVE-2018-0859
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-9pvj-pgg9-pvqq
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2018-0859
https://github.com/chakra-core/ChakraCore/commit/8a2c3730f9fd775380dc8226dbf3a697c691b73d
https://web.archive.org/web/20210124135852/http://www.securityfocus.com/bid/102882
https://web.archive.org/web/20211208072939/http://www.securitytracker.com/id/1040372
http://www.securityfocus.com/bid/102882
http://www.securitytracker.com/id/1040372
CVE-2018-0859 https://nvd.nist.gov/vuln/detail/CVE-2018-0859
CVE-2018-0859 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0859
GHSA-9pvj-pgg9-pvqq https://github.com/advisories/GHSA-9pvj-pgg9-pvqq
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.96681
EPSS Score 0.29342
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:53:25.421095+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.ChakraCore/CVE-2018-0859.yml 38.6.0