CVE-2026-33118

Published Apr 10, 2026

Last updated 2 days ago

CVSS medium 4.3

Overview

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability
Source: secure@microsoft.com
NVD status: Analyzed
Products: edge_chromium

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

secure@microsoft.com: CWE-451

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "877FEF91-CC50-43F6-A8B1-56F0972B3E82",
            "versionEndExcluding": "147.0.3912.60",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability•CVE-2026-0385
Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.•CVE-2026-0102
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.•CVE-2026-0391
Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.•CVE-2026-21223
Microsoft Edge (Chromium-based) Spoofing Vulnerability•CVE-2025-65046

References

Sources include official advisories and independent security research.

https://nvd.nist.gov/vuln/detail/CVE-2026-33118
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33118

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References