Skip to main content

Google EUVDEUVD-2026-21603

| CVE-2026-33119 MEDIUM
User Interface (UI) Misrepresentation of Critical Information (CWE-451)
2026-04-10 microsoft
5.4
CVSS 3.1 · NVD
Temporal: 4.7
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CIRCL (temporal)
4.7 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Apr 10, 2026 - 21:45 euvd
EUVD-2026-21603
Analysis Generated
Apr 10, 2026 - 21:45 vuln.today
Patch released
Apr 10, 2026 - 21:45 nvd
Patch available
CVE Published
Apr 10, 2026 - 21:20 nvd
MEDIUM 5.4

DescriptionCVE.org

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

AnalysisAI

Microsoft Edge (Chromium-based) on Android contains a user interface misrepresentation vulnerability that allows unauthenticated remote attackers to conduct spoofing attacks over a network. The vulnerability exploits UI rendering to misrepresent critical information to end users, enabling attackers to deceive users into taking unintended actions. While the CVSS score is moderate (5.4), the attack requires user interaction and only impacts confidentiality and integrity; a vendor-released patch is available.

Technical ContextAI

This vulnerability is rooted in CWE-451 (User Interface Misrepresentation of Critical Information), a class of flaws where the user interface fails to accurately represent system state or security-relevant information to the user. In Chromium-based Microsoft Edge, this manifests as incorrect rendering or display of critical UI elements, allowing attackers to spoof security indicators, address bars, or other trust signals that users rely on for making security decisions. The Chromium rendering engine may fail to properly validate or display certain UI properties, creating a gap between what the user perceives and the actual network connection or resource being accessed. Affected product: Microsoft Edge for Android across all versions prior to the patched release.

RemediationAI

Microsoft has released a patched version; users should update Microsoft Edge for Android to the latest version available via the Google Play Store or system app update mechanism. Exact patch version information is available in the official Microsoft advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33119. Until patching is possible, users should exercise heightened caution when viewing security-critical UI elements (such as the address bar, lock icon, or permission prompts) in Edge on Android, and should verify website identities through independent means (e.g., typing the URL directly rather than following links) before entering credentials or sensitive information.

Share

EUVD-2026-21603 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy