Medium severity6.5NVD Advisory· Published May 12, 2026· Updated May 14, 2026
CVE-2026-42891
CVE-2026-42891
Description
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42891nvdVendor Advisory
News mentions
25- Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026BleepingComputer · May 18, 2026
- Hackers Earn $1.3 Million at Pwn2Own Berlin 2026SecurityWeek · May 18, 2026
- Microsoft Exchange, Windows 11 hacked on second day of Pwn2OwnBleepingComputer · May 15, 2026
- Microsoft backpedals: Edge to stop loading passwords into memoryBleepingComputer · May 15, 2026
- Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026BleepingComputer · May 14, 2026
- When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain CompromiseRapid7 Blog · May 13, 2026
- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026
- Microsoft May 2026 Patch Tuesday, (Tue, May 12th)SANS Internet Storm Center · May 12, 2026
- Windows 11 KB5089549 & KB5087420 cumulative updates releasedBleepingComputer · May 12, 2026
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-daysBleepingComputer · May 12, 2026
- Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)Tenable Blog · May 12, 2026
- Cookie thieves caught stealing dev secrets via fake Claude Code installersThe Register Security · May 11, 2026
- TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook WormsThe Hacker News · May 8, 2026
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New StoriesThe Hacker News · May 7, 2026
- VoidStealer Malware Darts Past Google Chrome's EncryptionDark Reading · May 6, 2026
- MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware AttackThe Hacker News · May 6, 2026
- Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise RiskDark Reading · May 5, 2026
- Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer CampaignThe Hacker News · Apr 28, 2026
- PhantomRPC: A new privilege escalation technique in Windows RPCSecurelist · Apr 24, 2026
- UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW MalwareThe Hacker News · Apr 23, 2026
- ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New StoriesThe Hacker News · Apr 23, 2026
- Patch Tuesday, April 2026 EditionKrebs on Security · Apr 14, 2026
- The Good, the Bad and the Ugly in Cybersecurity – Week 14SentinelOne Labs · Apr 3, 2026
- OpenAI's Promptfoo Deal Plugs Agentic AI Testing GapInfosecurity Magazine · Mar 10, 2026
- May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEsCrowdStrike Blog