CVE-2026-0102 — Exposure of Private Personal Information to an Unauthorized Actor in Microsoft Edge

CWE-359 — Exposure of Private Personal Information to an Unauthorized Actor5 documents5 sources

Severity

3.1LOWNVD

EPSS

0.0%

top 97.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge Microsoft Edge Chromium

Timeline

PublishedFeb 17

Description

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

▶NVDmicrosoft/edge_chromium< 145.0.3800.58

▶CVEListV5microsoft/microsoft_edge1.0.0.0 — 145.0.3800.58

🔴Vulnerability Details

CVEList

Microsoft Edge (Chromium-based) Defense in Depth Vulnerability↗2026-02-17

▶

GHSA

GHSA-vp3m-qh4p-wg7c: Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional us↗2026-02-17

▶

📋Vendor Advisories

Microsoft

Microsoft Edge (Chromium-based) Defense in Depth Vulnerability↗2026-02-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-0102 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶