cve-2026-35429

CVE-2026-35429 is a security vulnerability affecting Microsoft Edge for Android that enables UI spoofing attacks. An attacker can exploit this flaw over the network by hosting a malicious website and persuading a user to open it, causing the browser interface to misrepresent critical information. This spoofing can be leveraged for phishing without requiring authentication or local access. While not a remote code execution or wormable bug, it is a browser trust vulnerability that can be abused in modern phishing campaigns. Discussions on WindowsForum cover the patch version, risk assessment, and practical implications for Android users.