Description
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-05-12
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Microsoft Edge (Chromium‑based) for Android contains a UI misrepresentation flaw that allows an attacker to spoof critical information over a network. The vulnerability can mislead users into believing they are interacting with a legitimate page or service, potentially enabling phishing or other social‑engineering attacks. The flaw is classified as a UI spoofing weakness and carries a CVSS score of 4.3, indicating moderate potential impact on user trust and privacy.

Affected Systems

Microsoft Edge for Android on Android devices. No specific version information is given; the issue may affect any deployed build prior to the latest security update listed by Microsoft.

Risk and Exploitability

The CVSS score of 4.3 suggests a low to moderate severity. The EPSS score is currently unavailable and the vulnerability is not included in CISA’s KEV catalog, implying no known widespread exploitation. The likely attack vector is through network traffic that delivers crafted content triggering the UI misrepresentation. Successful exploitation would require the user to interact with the malicious content and rely on the misleading interface to perform unintended actions. Until a public exploit or more detailed information emerges, the threat remains theoretical.

Generated by OpenCVE AI on May 12, 2026 at 19:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Microsoft Edge for Android to the latest version available from the official app store, as Microsoft has released a patch addressing the UI misrepresentation flaw.
  • Ensure the app is installed from a trusted source such as the Google Play Store or Microsoft Store, and avoid sideloading or using unofficial builds.
  • Maintain the Edge app in automatic update mode to receive future security patches promptly, and verify that the latest version reflects the fix by checking Microsoft’s update guide or release notes.

Generated by OpenCVE AI on May 12, 2026 at 19:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Title Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
First Time appeared Microsoft
Microsoft edge
Weaknesses CWE-451
CPEs cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*
Vendors & Products Microsoft
Microsoft edge
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C'}

Subscriptions

Microsoft Edge
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-12T17:54:04.528Z

Reserved: 2026-04-02T19:21:11.804Z

Link: CVE-2026-35429

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T18:17:13.510

Modified: 2026-05-12T18:17:13.510

Link: CVE-2026-35429

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T20:00:12Z

Weaknesses