cve-2026-45494

CVE-2026-45494 is a medium-severity spoofing vulnerability in Microsoft Edge, disclosed in May 2026. It affects Chromium-based Edge versions before 148.0.3967.70. The vulnerability allows a crafted browsing experience to mislead users about a page's true identity, specifically through a split-tab address bar spoofing technique. This can trick users into trusting the wrong site, potentially exposing credentials or leading to actions under false assumptions. Unlike remote code execution or system takeover, this bug focuses on user deception, making it relevant to real-world browser attacks. Discussions on WindowsForum cover the technical details, practical impact, and mitigation steps for CVE-2026-45494.