CWE · MITRE source
CWE-451User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. This is often a component in phishing attacks, but other kinds of problems exist. For example, if the UI is used to monitor the security state of a system or network, then omitting or obscuring an important indicator could prevent the user from detecting and reacting to a security-critical event. UI misrepresentation can take many forms:
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2024-38112 KEV | 9.1 | 7.5 | 0.9296 | 2024-07-09 |
CVE-2024-43461 KEV | 4.4 | 8.8 | 0.0990 | 2024-09-10 |
CVE-2024-38197 | 2.0 | 6.5 | 0.1109 | 2024-08-13 |
CVE-2025-8043 | 2.0 | 9.8 | 0.0018 | 2025-07-22 |
CVE-2026-0906 | 2.0 | 9.8 | 0.0013 | 2026-01-20 |
CVE-2026-0907 | 2.0 | 9.8 | 0.0013 | 2026-01-20 |
CVE-2026-2634 | 2.0 | 9.8 | 0.0006 | 2026-02-24 |
CVE-2024-0750 | 1.9 | 8.8 | 0.0152 | 2024-01-23 |
CVE-2021-22866 | 1.8 | 8.8 | 0.0020 | 2021-05-14 |
CVE-2021-41598 | 1.8 | 8.8 | 0.0027 | 2022-01-25 |
CVE-2024-49040 | 1.8 | 7.5 | 0.0539 | 2024-11-12 |
CVE-2020-9236 | 1.8 | 8.8 | 0.0021 | 2024-12-27 |
CVE-2025-31951 | 1.8 | 8.8 | 0.0003 | 2026-05-06 |
CVE-2022-39258 | 1.6 | 8.1 | 0.0027 | 2022-09-27 |
CVE-2024-23708 | 1.6 | 7.8 | 0.0010 | 2024-05-07 |
CVE-2024-52269 | 1.6 | 8.1 | 0.0018 | 2024-12-04 |
CVE-2025-9491 | 1.6 | 7.8 | 0.0044 | 2025-08-26 |
CVE-2025-11720 | 1.6 | 8.1 | 0.0004 | 2025-10-14 |
CVE-2024-52276 | 1.5 | 7.5 | 0.0019 | 2024-12-04 |
CVE-2025-29825 | 1.5 | 6.5 | 0.0305 | 2025-05-02 |
CVE-2026-32303 | 1.5 | 7.6 | 0.0002 | 2026-03-20 |
CVE-2026-32317 | 1.5 | 7.6 | 0.0001 | 2026-03-20 |
CVE-2026-32318 | 1.5 | 7.6 | 0.0001 | 2026-03-20 |
CVE-2024-55889 | 1.4 | 4.9 | 0.0698 | 2024-12-13 |
CVE-2025-47963 | 1.4 | 6.3 | 0.0154 | 2025-07-11 |