CVE-2026-58595 is a Microsoft Bing App for iOS spoofing vulnerability caused by improper restriction of rendered UI layers or frames. Microsoft rates it as High severity with a CVSS v3.1 base score of 8.1 and temporal score of 7.1. The vector is network-based, requires low attack complexity, no privileges, and user interaction. The reported impact is spoofing, with high integrity and availability impact and no confidentiality impact. Microsoft indicates there is no public disclosure and no known exploitation, with exploit code maturity unproven. Because user interaction is required, this is less urgent than a network-reachable, no-interaction issue, but it remains relevant for enterprise users of the iOS app. Highlights: - CVSS scores: Base 8.1 - Temporal 7.1 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Spoofing; Confidentiality: NONE, Integrity: HIGH, Availability: HIGH. - Exploitation likelihood: Not stated as "Exploitation More Likely"; vector context is NETWORK, LOW attack complexity, no privileges, and REQUIRED user interaction. - Severity for enterprise: High technical severity, but real-world enterprise risk is moderated by the required user interaction and lack of reported exploitation. - Patch status: available Affected systems: - Microsoft Bing App for iOS