CVE-2026-2919 — User Interface (UI) Misrepresentation of Critical Information

CWE-451 — User Interface (UI) Misrepresentation of Critical Information4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 99.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
No affected products listed
Timeline
PublishedMar 9

Description

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability was fixed in Focus for iOS 148.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

🔴Vulnerability Details

2
CVEList
Attacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirect↗2026-03-09
â–¶
GHSA
GHSA-c64m-p38j-gxh3: Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid po↗2026-03-09
â–¶

📋Vendor Advisories

1
Mozilla
Mozilla Foundation Security Advisory 2026-18: CVE-2026-2919↗
â–¶
CVE-2026-2919 — MEDIUM severity | cvebase