CWE-451 (User Interface (UI) Misrepresentation of Critical Information) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| operating_system | — | Not OS-Specific | Undetermined | — |
| technology | — | Not Technology-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-11300 | 2026-06-05 | Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-11294 | 2026-06-05 | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-11286 | 2026-06-05 | Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTM… |
| CVE-2026-11285 | 2026-06-05 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low… |
| CVE-2026-11254 | 2026-06-05 | Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-11245 | 2026-06-05 | Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-11232 | 2026-06-04 | Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low) |
| CVE-2026-11228 | 2026-06-04 | Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted… |
| CVE-2026-11227 | 2026-06-04 | Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low) |
| CVE-2026-11225 | 2026-06-04 | Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low) |
| CVE-2026-11222 | 2026-06-04 | Incorrect security UI in Tab Strip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-11216 | 2026-06-04 | Incorrect security UI in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML p… |
| CVE-2026-11215 | 2026-06-04 | Inappropriate implementation in Cronet in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: M… |
| CVE-2026-11175 | 2026-06-04 | Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-11172 | 2026-06-04 | Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium… |
| CVE-2026-11107 | 2026-06-04 | Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-11001 | 2026-06-04 | Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted H… |
| CVE-2026-10984 | 2026-06-04 | Inappropriate implementation in Accessibility in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: … |
| CVE-2019-25718 | 2026-06-01 | Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog intera… |
| CVE-2026-0096 | 2026-06-01 | In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege wi… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Potential_Mitigations, Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2014-02-13 | CWE Content Team | 2.6 | Critical | Defined several different subtypes of this issue. |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Applicable_Platforms, Description, Maintenance_Notes, Name, Observed_Examples, Other_Notes, References, Relationships, Research_Gaps |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships |
| 2017-01-19 | CWE Content Team | 2.10 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Observed_Examples, References, Relationships, Type |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Maintenance_Notes, Observed_Examples |
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2022-04-28 | CWE Content Team | 4.7 | — | updated Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description, Related_Attack_Patterns |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated References |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Relationships, Weakness_Ordinalities |
| 2026-04-30 | CWE Content Team | 4.20 | — | updated Observed_Examples |