Description
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-05-12
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Microsoft Edge (Chromium‑based) for Android contains a UI misrepresentation flaw that allows an unauthorized attacker to spoof critical information over a network. The vulnerability can mislead users into believing they are interacting with a legitimate page or service, potentially enabling phishing or other social‑engineering attacks. The flaw is classified as a UI spoofing weakness and carries a CVSS score of 4.3, indicating moderate potential impact on user trust and privacy.

Affected Systems

Microsoft Edge for Android on Android devices. No specific version information is given; the issue may affect any deployed build prior to the latest security update listed by Microsoft.

Risk and Exploitability

The CVSS score of 4.3 suggests a low to moderate severity. The EPSS score of 0.00064 indicates a very low probability of exploitation, and the vulnerability is not included in CISA’s KEV catalog, implying no known widespread exploitation. The likely attack vector is through network traffic that delivers crafted content triggering the UI misrepresentation. Successful exploitation would require the user to interact with the malicious content and rely on the misleading interface to perform unintended actions. Until a public exploit or more detailed information emerges, the threat remains theoretical.

Generated by OpenCVE AI on June 1, 2026 at 21:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Microsoft Edge for Android to the latest version available from the official app store, as Microsoft has released a patch addressing the UI misrepresentation flaw.
  • Ensure the app is installed from a trusted source such as the Google Play Store or Microsoft Store, and avoid sideloading or using unofficial builds.
  • Maintain the Edge app in automatic update mode to receive future security patches promptly, and verify that the latest version reflects the fix by checking Microsoft’s update guide or release notes.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 19:00:00 +0000

Type: Description
Values Removed: User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Values Added: User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Wed, 13 May 2026 11:30:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 17:30:00 +0000

Type: Description
Values Added: User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

Type: Title
Values Added: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Type: First Time appeared
Values Added: Microsoft; Microsoft edge

Type: Weaknesses
Values Added: CWE-451

Type: CPEs
Values Added: cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*

Type: Vendors & Products
Values Added: Microsoft; Microsoft edge

Type: References
Values Added:

Type: Metrics
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C'}

MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-01T23:44:24.565Z

Reserved: 2026-04-02T19:21:11.804Z

Link: CVE-2026-35429

Vulnrichment

Updated: 2026-05-13T10:19:54.938Z

NVD

Status: Modified

Published: 2026-05-12T18:17:13.510

Modified: 2026-06-01T19:16:32.180

Link: CVE-2026-35429

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T21:45:22Z

Weaknesses