PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-33118 Microsoft CVE debrief

CVE-2026-33118 is a medium severity vulnerability in Microsoft Edge (Chromium-based) that allows an unauthorized attacker to perform spoofing over a network. The vulnerability is due to user interface (UI) misrepresentation of critical information. This CVE was published on April 10, 2026, and was last modified on June 19, 2026. The CVSS score is 4.3, indicating a medium severity level. Defenders should assess their exposure and prioritize patching to limit the risk of spoofing attacks.

Vendor: Microsoft
Product: Edge Chromium
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-10
Original CVE updated: 2026-06-19
Advisory published: 2026-04-10
Advisory updated: 2026-06-19

Who should care

Organizations and individuals using Microsoft Edge (Chromium-based) should be aware of this vulnerability. Given the medium severity and potential for spoofing, defenders should evaluate their exposure and consider applying patches or mitigations to reduce the risk of exploitation.

Technical summary

The vulnerability is caused by UI misrepresentation of critical information in Microsoft Edge (Chromium-based). An unauthorized attacker can exploit this vulnerability to perform spoofing over a network. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, indicating that the attack vector is network-based (AV:N), attack complexity is low (AC:L), no privileges are required (PR:N), and user interaction is required (UI:R). The scored impact is a low loss of confidentiality (C:L), with no integrity or availability impact (I:N/A:N). The weakness is classified as CWE-451.

Defensive priority

Medium priority due to potential for spoofing attacks over the network.

Recommended defensive actions

  • Apply the official patch from Microsoft as soon as possible.
  • Review and update Microsoft Edge (Chromium-based) to the latest version.
  • Limit exposure by restricting access to sensitive information.
  • Monitor for any suspicious activity related to Microsoft Edge.
  • Verify the integrity of Microsoft Edge installations.

Evidence notes

The primary evidence for this vulnerability comes from the NVD and CVE.org records. The vulnerability affects Microsoft Edge (Chromium-based) versions prior to 147.0.3912.60. Defenders should verify the version of Microsoft Edge in use and compare it to the patched version to determine exposure.
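The version comparison described above can be scripted across an inventory. The following is an added example, not code from Microsoft or from the source records; the hostnames and reported version strings are constructed, and only the patched build number 147.0.3912.60 comes from this page. It compares each field numerically, since a plain string comparison would misorder builds such as 147.0.3912.9 and 147.0.3912.60, and it reports unparsable entries separately instead of assuming they are safe.

```python
import re

# Fixed build taken from this page's evidence notes.
PATCHED = (147, 0, 3912, 60)

# Exactly four dot-separated numeric fields, optionally inside a banner string.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_edge_version(text):
    """Return the version as a 4-tuple of ints, or None if none is found."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Classify one reported version string against the patched build."""
    version = parse_edge_version(text)
    if version is None:
        return "unknown"  # cannot decide automatically: needs a manual check
    # Tuple comparison is numeric per field, so 3912.9 < 3912.60 and 99 < 147.
    return "exposed" if version < PATCHED else "patched"


def triage(inventory):
    """Group hostnames by exposure status."""
    report = {"exposed": [], "patched": [], "unknown": []}
    for host, reported in inventory.items():
        report[classify(reported)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ws-001": "Microsoft Edge 147.0.3912.60",
    "ws-002": "147.0.3912.9",
    "ws-003": "99.0.1150.55",
    "ws-004": "Microsoft Edge 148.0.4000.10 ",
    "ws-005": "not installed",
    "ws-006": "147.0.3912",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(sorted(hosts)) or '-'}")
```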

This article is AI-assisted and based on the supplied source corpus.