Description
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-04-10
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Spoofing of critical user‑interface information
Action: Apply patch
AI Analysis

Impact

A misrepresentation in the user interface of Microsoft Edge (Chromium‑based) for Android allows an attacker to display false or misleading critical information to the user. The vulnerability is a form of user‑interface spoofing that could cause users to misinterpret displayed data, potentially leading to security or operational mistakes. It falls under the weakness identified as CWE‑451.

Affected Systems

All installations of Microsoft Edge for Android based on Chromium are impacted, as no specific version constraints are listed. Every current build should be treated as vulnerable until an official update is applied.

Risk and Exploitability

The CVSS score of 5.4 signifies moderate severity, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known active exploitation. EPSS data is not available. Based on the description, the likely attack vector involves an attacker manipulating content over a network or influencing a website that the user visits, leading the browser to render spoofed UI elements. No explicit prerequisites are detailed, so the attack probably requires the user to interact with malicious or compromised web content.

Generated by OpenCVE AI on April 10, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Microsoft Edge update for Android from the Google Play Store or the Microsoft update portal.

Generated by OpenCVE AI on April 10, 2026 at 22:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Description User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Title Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
First Time appeared Microsoft
Microsoft edge
Weaknesses CWE-451
CPEs cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*
Vendors & Products Microsoft
Microsoft edge
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Edge
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-30T14:42:40.161Z

Reserved: 2026-03-17T20:15:23.721Z

Link: CVE-2026-33119

cve-icon Vulnrichment

Updated: 2026-04-13T20:52:03.207Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T22:16:21.287

Modified: 2026-04-14T11:57:14.647

Link: CVE-2026-33119

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:57:18Z

Weaknesses