CVE-2026-0391 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-0391 PUBLISHED CVSS 6.5 MEDIUM

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

EPSS 0.07% · 20.6th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C

EPSS Score

0.07%

20.6th percentile

Affected Products

Vendor	Product	Versions
microsoft	edge_chromium	1.0.0.0, 0
Microsoft	Microsoft Edge (Chromium-based)	1.0.0.0

Timeline

Feb 5, 2026 CVE Updated
Feb 5, 2026 CVE Published
Feb 6, 2026 EPSS Score
Feb 6, 2026 PoC Published
Feb 6, 2026 PoC Published
Feb 6, 2026 PoC Published
Feb 6, 2026 PoC Published
Feb 6, 2026 PoC Published
Feb 8, 2026 EPSS Score
Feb 9, 2026 EPSS Score
Feb 10, 2026 PoC Published
Feb 11, 2026 EPSS Score

References

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1861 advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-0391 advisory

Open in Interactive Console →