Spoofing Vulnerability in Microsoft Edge by Microsoft
CVE-2026-40416

4.3MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Edge (chromium-based)
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-40416?

A spoofing vulnerability in Microsoft Edge (Chromium-based) for Android has been identified, allowing unauthorized attackers to misrepresent critical information through the user interface. This could result in users being misled while interacting with web content or applications, posing significant security risks. Users are advised to apply security updates to mitigate this vulnerability.

Affected Version(s)

Microsoft Edge (Chromium-based) 1.0.0.0 < 148.0.3967.55

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 13, 2026

CVE-2026-40416 Data

JSON