CVE-2026-0102

LOW

Web Browser - Info Disclosure

Title source: llm

Description

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

References (1)

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102

Scores

CVSS v3 3.1

EPSS 0.0002

EPSS Percentile 4.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-359

Status published

Products (2)

microsoft/edge_chromium < 145.0.3800.58

Microsoft/Microsoft Edge (Chromium-based) 1.0.0.0 - 145.0.3800.58

Published Feb 17, 2026

Tracked Since Feb 18, 2026