Description
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-05-12
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a user interface misrepresentation flaw in Microsoft Edge (Chromium-based) for Android that allows an attacker to spoof critical information over a network. The vulnerability falls under CWE-451. An attacker exploiting this flaw could impersonate a legitimate website or application, tricking users into revealing sensitive data or performing unintended actions.

Affected Systems

Microsoft Edge for Android is affected. No specific version numbers are listed in the available data; all builds of the Chromium-based Edge for Android may be vulnerable.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Likely, the attack vector involves network-based delivery of malicious content to the vulnerable browser, and exploiting the UI misrepresentation requires an attacker to present spoofed pages to the user. Based on the description, it is inferred that an attacker would need to embed malicious material into a page viewed by Edge, enabling users to be misdirected into actions that they believe are legitimate.

Generated by OpenCVE AI on May 12, 2026 at 20:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Microsoft Edge for Android to the latest version as soon as an update is available.
  • Ensure automatic updates are enabled so future patches are applied promptly.
  • Verify URLs and certificate details when browsing sensitive sites to detect potential spoofing attempts.

Generated by OpenCVE AI on May 12, 2026 at 20:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Title Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
First Time appeared Microsoft
Microsoft edge
Weaknesses CWE-451
CPEs cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*
Vendors & Products Microsoft
Microsoft edge
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Edge
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-12T17:54:03.288Z

Reserved: 2026-04-30T22:35:54.966Z

Link: CVE-2026-42891

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T18:17:26.207

Modified: 2026-05-12T18:17:26.207

Link: CVE-2026-42891

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T01:45:15Z

Weaknesses