Description
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-05-12
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a user interface misrepresentation that allows an unauthenticated attacker to spoof critical information over a network. An attacker can use it to impersonate legitimate content, misdirecting or confusing users. The weakness is classified as CWE-451 (User Interface (UI) Misrepresentation of Critical Information).

Affected Systems

Microsoft Edge (Chromium-based) for Android is affected. No version range was specified in the CNA data.

Risk and Exploitability

The CVSS score of 4.3 is rated Medium, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is inferred to be network-based spoofing, where an attacker could inject or manipulate content displayed in the browser. While the overall risk is moderate, the potential for user confusion and phishing remains.

Generated by OpenCVE AI on May 12, 2026 at 19:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Keep Microsoft Edge for Android updated to the latest version available from Microsoft.
  • Avoid connecting to untrusted or public Wi‑Fi networks that could be used to deliver spoofed content.
  • Enable and configure Edge’s built‑in phishing protection features and ensure any security extensions are trusted.

Advisories

No advisories yet.

History

Wed, 13 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Title | | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
First Time appeared | | Microsoft; Microsoft edge Chromium
Weaknesses | | CWE-451
CPEs | | cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft edge Chromium
References | |
Metrics | | cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-15T17:13:33.765Z

Reserved: 2026-04-13T00:27:50.798Z

Link: CVE-2026-40416

Vulnrichment

Updated: 2026-05-13T10:19:25.064Z

NVD

Status: Awaiting Analysis

Published: 2026-05-12T18:17:19.687

Modified: 2026-05-13T15:34:52.573

Link: CVE-2026-40416

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T01:00:22Z

Weaknesses