{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33118", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-17T20:15:23.721Z", "datePublished": "2026-04-10T21:20:44.423Z", "dateUpdated": "2026-04-17T16:13:35.786Z"}, "containers": {"cna": {"title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "datePublic": "2026-04-10T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0.0", "versionEndExcluding": "147.0.3912.60"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge (Chromium-based)", "versions": [{"version": "1.0.0.0", "lessThan": "147.0.3912.60", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information", "lang": "en-US", "type": "CWE", "cweId": "CWE-451"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-17T16:13:35.786Z"}, "references": [{"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33118"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33118", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T14:02:52.172267Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:04:53.270Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33118", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T14:02:52.172267Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:04:17.209Z"}}], "cna": {"title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge (Chromium-based)", "versions": [{"status": "affected", "version": "1.0.0.0", "lessThan": "147.0.3912.60", "versionType": "custom"}]}], "datePublic": "2026-04-10T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33118", "name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-451", "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "147.0.3912.60", "versionStartIncluding": "1.0.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-17T16:13:35.786Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33118", "state": "PUBLISHED", "dateUpdated": "2026-04-17T16:13:35.786Z", "dateReserved": "2026-03-17T20:15:23.721Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-10T21:20:44.423Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "matchCriteriaId": "877FEF91-CC50-43F6-A8B1-56F0972B3E82", "versionEndExcluding": "147.0.3912.60", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"}], "id": "CVE-2026-33118", "lastModified": "2026-04-16T16:34:07.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2026-04-10T22:16:21.123", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33118"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0.0.0,147.0.3912.60)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft Edge (Chromium-based)", "source": "cna", "vendor": "Microsoft"}, "product": "edge_chromium", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-15T19:34:20.829211+00:00", "value": {"mitigation_remediation": ["Verify the installed version of Microsoft Edge.", "Apply the latest Microsoft Edge update released by Microsoft via Windows Update or the Microsoft Edge installer.", "If an immediate update is not available, consider temporarily disabling or uninstalling Microsoft Edge until the patch is released.", "Continue to monitor Microsoft security advisories for any subsequent patches or follow\u2011up notes regarding the vulnerability."], "summary": {"action": "Apply Patch", "impact": "Information Exposure via Spoofing"}, "threat_synthesis": {"affected_systems": "Microsoft Edge (Chromium-based) is the affected product. No explicit version numbers were supplied in the CNA listing, which implies the issue may affect the current release series at the time of the advisory.", "description_and_impact": "The vulnerability in Microsoft Edge (Chromium-based) allows an attacker to spoof elements presented to the user, resulting in the disclosure of sensitive information that the attacker can intentionally reveal. This flaw falls under CWE-451. Based on the description, the impact is limited to data that the attacker can fabricate, and there is no indication that the vulnerability enables code execution or denial of service.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a low overall risk, and the EPSS rating of less than one percent suggests that exploitation is unlikely in the near term. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the probable attack vector requires user interaction, such as visiting a malicious web page or engaging with a crafted link, and no direct exploitation path has been disclosed."}}}}, "created": "2026-04-13T12:42:29.452450+00:00", "updated": "2026-04-15T19:45:12.721342+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$edge_chromium"]}