{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33119", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-17T20:15:23.721Z", "datePublished": "2026-04-10T21:20:37.767Z", "dateUpdated": "2026-05-12T17:39:51.955Z"}, "containers": {"cna": {"title": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability", "datePublic": "2026-04-10T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "147.0.3912.60"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge for Android", "versions": [{"version": "1.0.0", "lessThan": "147.0.3912.60", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information", "lang": "en-US", "type": "CWE", "cweId": "CWE-451"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:39:51.955Z"}, "references": [{"name": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33119"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:51:58.699869Z", "id": "CVE-2026-33119", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:52:07.675Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33119", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T20:51:58.699869Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:52:03.207Z"}}], "cna": {"title": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge for Android", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "147.0.3912.60", "versionType": "custom"}]}], "datePublic": "2026-04-10T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33119", "name": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-451", "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*", "vulnerable": true, "versionEndExcluding": "147.0.3912.60", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:39:51.955Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33119", "state": "PUBLISHED", "dateUpdated": "2026-05-12T17:39:51.955Z", "dateReserved": "2026-03-17T20:15:23.721Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-10T21:20:37.767Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*", "matchCriteriaId": "4845F880-C10C-418A-9928-F40B0038B775", "versionEndExcluding": "147.0.3912.60", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."}], "id": "CVE-2026-33119", "lastModified": "2026-04-14T11:57:14.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-10T22:16:21.287", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33119"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["android"], "status": "affected", "versions": {"scheme": "generic", "value": "[1.0.0,147.0.3912.60)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft Edge for Android", "source": "cna", "vendor": "Microsoft"}, "product": "edge", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-10T22:50:21.116049+00:00", "value": {"mitigation_remediation": ["Install the latest Microsoft Edge update for Android from the Google Play Store or the Microsoft update portal."], "summary": {"action": "Apply patch", "impact": "Spoofing of critical user\u2011interface information"}, "threat_synthesis": {"affected_systems": "All installations of Microsoft Edge for Android based on Chromium are impacted, as no specific version constraints are listed. Every current build should be treated as vulnerable until an official update is applied.", "description_and_impact": "A misrepresentation in the user interface of Microsoft Edge (Chromium\u2011based) for Android allows an attacker to display false or misleading critical information to the user. The vulnerability is a form of user\u2011interface spoofing that could cause users to misinterpret displayed data, potentially leading to security or operational mistakes. It falls under the weakness identified as CWE\u2011451.", "risk_and_exploitability": "The CVSS score of 5.4 signifies moderate severity, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known active exploitation. EPSS data is not available. Based on the description, the likely attack vector involves an attacker manipulating content over a network or influencing a website that the user visits, leading the browser to render spoofed UI elements. No explicit prerequisites are detailed, so the attack probably requires the user to interact with malicious or compromised web content."}}}}, "created": "2026-04-13T12:42:30.415066+00:00", "updated": "2026-04-13T12:57:18.092652+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$edge"]}