Description
User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-06-09
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Bing Search app for Android causes the user interface to incorrectly display critical information, enabling an unauthorized attacker to perform spoofing over a network. The vulnerability allows the attacker to manipulate how information is presented to the user, potentially leading to users believing false content is authentic. The impact is restricted to information displayed within the app and does not directly grant code execution or system compromise.

Affected Systems

Microsoft Bing Search for Android released by Microsoft is impacted. The specific versions affected are not listed in the CVE data, so any version of the app that includes the UI misrepresentation flaw is potentially vulnerable.

Risk and Exploitability

The CVSS score of 4.3 indicates low severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, implying that current exploitation rates are uncertain but likely low. The inferred attack vector is network-based, requiring an attacker to influence network traffic that the Bing app receives. Given the lack of a high‑severity score and absence of known active exploitation, the risk is considered moderate but does not necessitate emergency mitigation. However, due to the potential for user deception, it is prudent for users and organizations to remain vigilant.

Generated by OpenCVE AI on June 9, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Bing Search app on Android to the latest version available from the Google Play Store to apply the UI misrepresentation fix.
  • Avoid using the Bing app on untrusted or insecure networks, and consider disabling VPN or tunneling services that could alter the app’s network traffic.
  • Check Microsoft’s security advisory for any additional recommendations or monitoring guidance.

Generated by OpenCVE AI on June 9, 2026 at 21:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.
Title Microsoft Bing Search Spoofing Vulnerability
First Time appeared Microsoft
Microsoft bing
Weaknesses CWE-451
CPEs cpe:2.3:a:microsoft:bing:*:*:*:*:*:android:*:*
Vendors & Products Microsoft
Microsoft bing
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Bing
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-10T13:42:07.349Z

Reserved: 2026-05-12T20:33:35.157Z

Link: CVE-2026-45650

cve-icon Vulnrichment

Updated: 2026-06-10T13:41:59.731Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:32.160

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-45650

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:15:14Z

Weaknesses