Spoofing Vulnerability in Microsoft Edge (Chromium-based)
CVE-2026-45494

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Edge (chromium-based)
Vendor: CVE Published:; 18 May 2026

What is CVE-2026-45494?

A security flaw has been identified in Microsoft Edge (Chromium-based) that allows attackers to exploit the spoofing vulnerability. This may enable an attacker to manipulate the browser to display false information, potentially leading to phishing attacks or the unauthorized capture of sensitive user information. Users are encouraged to apply the latest security updates provided by Microsoft to mitigate this risk.

Affected Version(s)

Microsoft Edge (Chromium-based) 1.0.0.0 < 148.0.3967.70

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2026
Vulnerability Reserved
May 12, 2026

CVE-2026-45494 Data

JSON