Description
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-02-05
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Spoofing via UI misrepresentation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability enables an attacker to manipulate how critical information is displayed in the user interface of Microsoft Edge for Android, allowing the attacker to present false or misleading content to the user. This can lead to the user trusting spoofed pages or data, potentially facilitating phishing, credential theft, or other social‑engineering attacks. The weakness is categorized as CWE‑451, information exposure through UI misrepresentation.

Affected Systems

Microsoft Edge (Chromium-based) for Android is affected. No specific version numbers are supplied in the available data, so all current releases of the Android edition of Edge that match the specified vendor/product identifiers are potentially susceptible.

Risk and Exploitability

The CVSS score is 6.5, indicating a medium severity flaw. The EPSS score is below 1%, implying that exploitation cases are expected to be very rare at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote over a network, with an attacker delivering a malicious or deceptively altered website that the user can visit in the affected browser. No additional conditions or local privilege requirements are specified, so any user of the vulnerable app can be deceived.

Generated by OpenCVE AI on April 15, 2026 at 16:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Microsoft Edge to the latest Android release from Microsoft or the Google Play Store, which contains the fix for UI spoofing.
  • If a recent update is not yet available, uninstall the current Edge application or disable it until a patched version is released.
  • Maintain general security hygiene by keeping Android OS and all apps updated, avoiding suspicious links, and using trusted browsing sources to reduce exposure to malicious content.

Generated by OpenCVE AI on April 15, 2026 at 16:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Feb 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:android:*:*

Mon, 09 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Feb 2026 22:30:00 +0000

Type Values Removed Values Added
Description User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Title Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
First Time appeared Microsoft
Microsoft edge Chromium
Weaknesses CWE-451
CPEs cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft edge Chromium
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Edge Chromium
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-10T13:21:14.540Z

Reserved: 2025-11-19T12:01:28.640Z

Link: CVE-2026-0391

cve-icon Vulnrichment

Updated: 2026-02-09T19:30:00.634Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-05T23:15:54.093

Modified: 2026-02-18T17:44:14.410

Link: CVE-2026-0391

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T18:00:15Z

Weaknesses